From b7ec45b3e18956655dc899ed923016ef7151d3a3 Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Wed, 2 Oct 2013 16:33:00 +0200
Subject: [PATCH] OO-689: make a little more secure
---
.../olat/commons/calendar/GotoDateEvent.java | 1 +
.../commons/calendar/ImportCalendarJob.java | 4 -
.../calendar/ui/CalendarExportController.java | 8 +-
.../calendar/ui/CalendarImportNameForm.java | 2 +-
.../calendar/ui/CalendarPrintMapper.java | 4 +-
.../ui/KalendarEntryDetailsController.java | 12 +-
.../calendar/ui/KalendarEntryForm.java | 2 +-
.../ui/components/KalendarRenderWrapper.java | 1 +
.../ui/events/KalendarGUIAddEvent.java | 1 +
.../info/ui/CreateInfoStepController.java | 2 +-
.../info/ui/InfoDisplayController.java | 3 +-
.../commons/info/ui/InfoEditController.java | 2 +-
.../info/ui/InfoEditFormController.java | 16 +-
.../commons/info/ui/_content/display.html | 2 +-
.../modules/bc/components/ListRenderer.java | 4 +-
.../bc/meta/MetaInfoFormController.java | 17 +-
.../glossary/GlossaryFlexionController.java | 11 +-
.../glossary/GlossaryMainController.java | 7 +-
.../GlossaryTermAndSynonymController.java | 4 +-
.../glossary/_content/glossarylist.html | 4 +-
.../morphService/MorphologicalService.java | 6 +-
.../MorphologicalServiceDEImpl.java | 9 +-
.../MorphologicalServiceFRImpl.java | 12 +-
.../textboxlist/TextBoxListComponent.java | 2 +-
.../FloatingResizableDialogController.java | 5 +-
.../AutoCompleterListReceiver.java | 3 +-
.../generic/modal/DialogBoxUIFactory.java | 3 +-
.../velocity/VelocityRenderDecorator.java | 5 +-
.../java/org/olat/core/util/StringHelper.java | 12 ++
.../core/util/mail/ui/MailController.java | 21 +--
.../util/mail/ui/MailFromCellRenderer.java | 17 +-
.../assessment/_content/detailview.html | 6 +-
.../assessment/_content/identityoverview.html | 6 +-
.../course/nodes/fo/_content/peekview.html | 2 +-
.../ProjectBrokerReturnboxController.java | 7 +-
.../ProjectFolderController.java | 8 +-
.../ta/DropboxScoringViewController.java | 30 ++-
.../course/nodes/ta/ReturnboxController.java | 19 +-
.../nodes/ta/TACourseNodeRunController.java | 3 +-
.../homepage/GroupInfoDisplayController.java | 3 +-
.../AbstractBusinessGroupListController.java | 3 +-
.../group/ui/main/MemberInfoController.java | 3 +-
.../MemberLeaveConfirmationController.java | 3 +-
.../ui/main/_content/accept_reservations.html | 2 +-
.../_content/group_delete_confirmation.html | 2 +-
.../gui/control/OlatFooterController.java | 3 +-
.../gui/control/OlatTopNavController.java | 4 +-
.../instantMessaging/manager/RosterDAO.java | 4 -
.../model/RosterEntryImpl.java | 1 -
.../instantMessaging/ui/ChatController.java | 3 +-
.../ui/IMBuddyListController.java | 5 +-
.../org/olat/instantMessaging/ui/Roster.java | 12 +-
.../olat/instantMessaging/ui/RosterForm.java | 3 +-
.../ui/_content/buddies_content.html | 2 +-
.../ui/_content/chatMsgField.html | 2 +-
.../instantMessaging/ui/_content/roster.html | 2 +-
.../modules/fo/MessageEditController.java | 6 +-
.../fo/_content/attachments-editview.html | 2 +-
.../olat/modules/fo/_content/msg-preview.html | 4 +-
.../olat/modules/fo/_content/threadview.html | 7 +-
.../webFeed/ui/blog/_content/posts.html | 2 +-
.../org/olat/portfolio/EPAbstractHandler.java | 1 -
.../portfolio/EPMapOnInvitationExtension.java | 1 -
.../org/olat/portfolio/EPMyMapsExtension.java | 1 -
.../olat/portfolio/EPOtherMapsExtension.java | 1 -
.../manager/EPNotificationManager.java | 9 +-
.../manager/EPNotificationsHandler.java | 6 +-
.../olat/portfolio/ui/EPMapRunController.java | 9 +-
.../portfolio/ui/EPViewModeController.java | 3 -
.../ui/PortfolioAdminController.java | 3 +-
.../ArtefactWizzardStepsController.java | 1 -
.../collect/CmdAddToEPortfolioImpl.java | 1 -
.../collect/EPAddArtefactController.java | 5 +-
.../EPArtefactWizzardStepCallback.java | 1 -
.../ui/artefacts/collect/EPCollectStep01.java | 6 +-
.../collect/EPCollectStepForm00.java | 2 +-
.../collect/EPCollectStepForm01.java | 15 +-
.../collect/EPCollectStepForm02.java | 1 -
.../collect/EPCollectStepForm03.java | 1 -
.../EPCreateFileArtefactStepForm00.java | 1 -
.../EPCreateTextArtefactStepForm00.java | 2 +-
.../collect/EPReflexionChangeEvent.java | 3 +-
.../view/ArtefactTypeImageCellRenderer.java | 1 -
.../EPArtefactAttributeSettingController.java | 2 -
.../view/EPArtefactChoosenEvent.java | 1 +
.../view/EPArtefactDeletedEvent.java | 1 +
.../view/EPArtefactViewController.java | 16 +-
.../EPArtefactViewReadOnlyController.java | 13 +-
.../EPMultipleArtefactPreviewController.java | 1 -
...rtefactSmallReadOnlyPreviewController.java | 3 +-
.../view/EPReflexionViewController.java | 2 -
.../artefacts/view/EPTagBrowseController.java | 1 -
.../ui/artefacts/view/EPTagBrowseEvent.java | 3 +-
.../view/_content/smallSingleArtefact.html | 4 +-
.../TextArtefactDetailsController.java | 4 +-
.../ui/structel/EPAddElementsController.java | 15 +-
.../ui/structel/EPArtefactClicked.java | 3 +-
.../ui/structel/EPCreateMapController.java | 1 -
.../ui/structel/EPMapCreatedEvent.java | 2 +
.../portfolio/ui/structel/EPMapEvent.java | 2 +
.../ui/structel/EPMapViewController.java | 3 +-
.../ui/structel/EPMultiplePageController.java | 8 +-
.../ui/structel/EPPageViewController.java | 4 +-
.../ui/structel/EPStructureChangeEvent.java | 2 +
.../EPStructureElementsController.java | 1 -
.../ui/structel/EPStructureEvent.java | 3 +-
.../ui/structel/_content/mapview.html | 2 +-
.../ui/structel/_content/multiMaps.html | 6 +-
.../ui/structel/_content/pageView.html | 2 +-
.../ui/structel/_content/structElements.html | 2 +-
.../EPCollectRestrictionResultController.java | 1 -
.../edit/EPStructureDetailsController.java | 1 -
...StructureTreeAndDetailsEditController.java | 5 +-
.../ui/structel/edit/EPTOCController.java | 2 +-
.../RepositoryDetailsController.java | 4 +-
.../RepositoryEditDescriptionController.java | 1 +
.../free/ui/FreeAccessController.java | 1 +
.../paypal/ui/PaypalAccessController.java | 1 +
.../token/ui/TokenAccessController.java | 1 +
.../ui/OrderDetailController.java | 8 +-
.../ui/_content/configuration_list.html | 2 +-
.../service/document/file/PdfDocument.java | 4 +
.../search/ui/_content/standardResult.html | 2 +-
.../olat/user/DisplayPortraitController.java | 5 +-
.../olat/user/HomePageDisplayController.java | 9 +-
.../olat/user/_content/homepagedisplay.html | 2 +-
.../propertyhandlers/XingPropertyHandler.java | 8 +-
.../static/js/tinymce4/tinymce/langs/fr.js | 175 ++++++++++++++++++
.../olat/instantMessaging/RosterDAOTest.java | 26 ---
129 files changed, 477 insertions(+), 323 deletions(-)
create mode 100755 src/main/webapp/static/js/tinymce4/tinymce/langs/fr.js
diff --git a/src/main/java/org/olat/commons/calendar/GotoDateEvent.java b/src/main/java/org/olat/commons/calendar/GotoDateEvent.java
index d43c56faab8..f046ccdfbd2 100644
--- a/src/main/java/org/olat/commons/calendar/GotoDateEvent.java
+++ b/src/main/java/org/olat/commons/calendar/GotoDateEvent.java
@@ -38,6 +38,7 @@ import org.olat.core.gui.control.Event;
*/
public class GotoDateEvent extends Event {
+ private static final long serialVersionUID = -6916106022637446581L;
private Date gotoDate;
public GotoDateEvent(Date gotoDate) {
diff --git a/src/main/java/org/olat/commons/calendar/ImportCalendarJob.java b/src/main/java/org/olat/commons/calendar/ImportCalendarJob.java
index 9f07a6bbca0..22dcce5a68e 100644
--- a/src/main/java/org/olat/commons/calendar/ImportCalendarJob.java
+++ b/src/main/java/org/olat/commons/calendar/ImportCalendarJob.java
@@ -26,8 +26,6 @@
package org.olat.commons.calendar;
import org.olat.core.commons.scheduler.JobWithDB;
-import org.olat.core.logging.OLog;
-import org.olat.core.logging.Tracing;
import org.quartz.JobExecutionContext;
/**
@@ -40,8 +38,6 @@ import org.quartz.JobExecutionContext;
*/
public class ImportCalendarJob extends JobWithDB {
- private static final OLog log = Tracing.createLoggerFor(ImportCalendarJob.class);
-
@Override
public void executeWithDB(JobExecutionContext context) {
try {
diff --git a/src/main/java/org/olat/commons/calendar/ui/CalendarExportController.java b/src/main/java/org/olat/commons/calendar/ui/CalendarExportController.java
index c5a780805fe..f6c2dbf3d6b 100644
--- a/src/main/java/org/olat/commons/calendar/ui/CalendarExportController.java
+++ b/src/main/java/org/olat/commons/calendar/ui/CalendarExportController.java
@@ -35,14 +35,12 @@ import org.olat.core.gui.components.velocity.VelocityContainer;
import org.olat.core.gui.control.DefaultController;
import org.olat.core.gui.control.Event;
import org.olat.core.gui.control.WindowControl;
-import org.olat.core.gui.translator.PackageTranslator;
import org.olat.core.gui.translator.Translator;
import org.olat.core.util.Util;
public class CalendarExportController extends DefaultController {
- private static final String PACKAGE = Util.getPackageName(CalendarManager.class);
private static final String VELOCITY_ROOT = Util.getPackageVelocityRoot(CalendarManager.class);
private Translator translator;
@@ -50,21 +48,19 @@ public class CalendarExportController extends DefaultController {
public CalendarExportController(Locale locale, WindowControl wControl, String icalFeedLink) {
super(wControl);
- translator = new PackageTranslator(PACKAGE, locale);
+ translator = Util.createPackageTranslator(CalendarManager.class, locale);
colorVC = new VelocityContainer("calEdit", VELOCITY_ROOT + "/calIcalFeed.html", translator, this);
colorVC.contextPut("icalFeedLink", icalFeedLink);
-
setInitialComponent(colorVC);
}
public void event(UserRequest ureq, Component source, Event event) {
+ //
}
-
protected void doDispose() {
// nothing to dispose
}
-
}
diff --git a/src/main/java/org/olat/commons/calendar/ui/CalendarImportNameForm.java b/src/main/java/org/olat/commons/calendar/ui/CalendarImportNameForm.java
index 463ca0a9781..f49c001ced4 100644
--- a/src/main/java/org/olat/commons/calendar/ui/CalendarImportNameForm.java
+++ b/src/main/java/org/olat/commons/calendar/ui/CalendarImportNameForm.java
@@ -71,7 +71,7 @@ public class CalendarImportNameForm extends FormBasicController {
} else {
CalendarManager calManager = CalendarManagerFactory.getInstance().getCalendarManager();
String calID = ImportCalendarManager.getImportedCalendarID(identity, calendarName.getValue());
- if (calManager.calendarExists(calManager.TYPE_USER, calID)) {
+ if (calManager.calendarExists(CalendarManager.TYPE_USER, calID)) {
calendarName.setErrorKey("cal.import.calname.exists.error", null);
return false;
}
diff --git a/src/main/java/org/olat/commons/calendar/ui/CalendarPrintMapper.java b/src/main/java/org/olat/commons/calendar/ui/CalendarPrintMapper.java
index 32ff091a665..0adb1d37519 100644
--- a/src/main/java/org/olat/commons/calendar/ui/CalendarPrintMapper.java
+++ b/src/main/java/org/olat/commons/calendar/ui/CalendarPrintMapper.java
@@ -95,7 +95,7 @@ public class CalendarPrintMapper implements Mapper {
public MediaResource handle(String relPath, HttpServletRequest request) {
StringBuilder sb = new StringBuilder();
sb.append("<html><head><title>");
- sb.append("Hello");
+ sb.append("Calendar");
sb.append("</title>");
sb.append("<link href=\"").append(themeBaseUri).append("all/content.css\" rel=\"stylesheet\" type=\"text/css\" />\n");
sb.append("<link href=\"").append(themeBaseUri).append("layout.css\" rel=\"stylesheet\" type=\"text/css\" />\n");
@@ -243,7 +243,7 @@ public class CalendarPrintMapper implements Mapper {
sb.append("<div class=\"o_cal_location\"><span>\n");
sb.append(translator.translate("cal.form.location") + ": ");
if (!hidden) {
- sb.append(event.getLocation());
+ sb.append(StringHelper.escapeHtml(event.getLocation()));
}
sb.append("</span></div>\n");
}
diff --git a/src/main/java/org/olat/commons/calendar/ui/KalendarEntryDetailsController.java b/src/main/java/org/olat/commons/calendar/ui/KalendarEntryDetailsController.java
index 121d10a7ac1..5e232661499 100644
--- a/src/main/java/org/olat/commons/calendar/ui/KalendarEntryDetailsController.java
+++ b/src/main/java/org/olat/commons/calendar/ui/KalendarEntryDetailsController.java
@@ -141,9 +141,11 @@ public class KalendarEntryDetailsController extends BasicController {
// display link provider if any
String calendarID = eventForm.getChoosenKalendarID();
KalendarRenderWrapper calendarWrapper = null;
- for (Iterator iter = availableCalendars.iterator(); iter.hasNext();) {
- calendarWrapper = (KalendarRenderWrapper) iter.next();
- if (calendarWrapper.getKalendar().getCalendarID().equals(calendarID)) break;
+ for (Iterator<KalendarRenderWrapper> iter = availableCalendars.iterator(); iter.hasNext();) {
+ calendarWrapper = iter.next();
+ if (calendarWrapper.getKalendar().getCalendarID().equals(calendarID)) {
+ break;
+ }
}
if(activeLinkProvider == null) {
@@ -193,8 +195,8 @@ public class KalendarEntryDetailsController extends BasicController {
if (isNew) {
// this is a new event, add event to calendar
String calendarID = eventForm.getChoosenKalendarID();
- for (Iterator iter = availableCalendars.iterator(); iter.hasNext();) {
- KalendarRenderWrapper calendarWrapper = (KalendarRenderWrapper) iter.next();
+ for (Iterator<KalendarRenderWrapper> iter = availableCalendars.iterator(); iter.hasNext();) {
+ KalendarRenderWrapper calendarWrapper = iter.next();
if (!calendarWrapper.getKalendar().getCalendarID().equals(calendarID)) continue;
Kalendar cal = calendarWrapper.getKalendar();
boolean result = CalendarManagerFactory.getInstance().getCalendarManager().addEventTo(cal, kalendarEvent);
diff --git a/src/main/java/org/olat/commons/calendar/ui/KalendarEntryForm.java b/src/main/java/org/olat/commons/calendar/ui/KalendarEntryForm.java
index 63e14900edf..82213df79e5 100644
--- a/src/main/java/org/olat/commons/calendar/ui/KalendarEntryForm.java
+++ b/src/main/java/org/olat/commons/calendar/ui/KalendarEntryForm.java
@@ -353,7 +353,7 @@ public class KalendarEntryForm extends FormBasicController {
buf.append(" ");
buf.append(getTranslator().translate("cal.form.created.by"));
buf.append(" ");
- buf.append(event.getCreatedBy());
+ buf.append(StringHelper.escapeHtml(event.getCreatedBy()));
}
} else {
buf.append("-");
diff --git a/src/main/java/org/olat/commons/calendar/ui/components/KalendarRenderWrapper.java b/src/main/java/org/olat/commons/calendar/ui/components/KalendarRenderWrapper.java
index a51282c2599..4f9473a8e25 100644
--- a/src/main/java/org/olat/commons/calendar/ui/components/KalendarRenderWrapper.java
+++ b/src/main/java/org/olat/commons/calendar/ui/components/KalendarRenderWrapper.java
@@ -79,6 +79,7 @@ public class KalendarRenderWrapper {
*/
public KalendarRenderWrapper(Kalendar kalendar, KalendarConfig config, int access) {
this.kalendar = kalendar;
+ this.kalendarConfig = config;
this.access = access;
}
diff --git a/src/main/java/org/olat/commons/calendar/ui/events/KalendarGUIAddEvent.java b/src/main/java/org/olat/commons/calendar/ui/events/KalendarGUIAddEvent.java
index 745e7c5a0d7..6d9d5a77389 100644
--- a/src/main/java/org/olat/commons/calendar/ui/events/KalendarGUIAddEvent.java
+++ b/src/main/java/org/olat/commons/calendar/ui/events/KalendarGUIAddEvent.java
@@ -67,6 +67,7 @@ public class KalendarGUIAddEvent extends FormEvent {
super(CMD_ADD, item);
this.calendarID = calendarID;
this.startDate = startDate;
+ this.endDate = endDate;
this.allDayEvent = allDayEvent;
}
diff --git a/src/main/java/org/olat/commons/info/ui/CreateInfoStepController.java b/src/main/java/org/olat/commons/info/ui/CreateInfoStepController.java
index 7d2a48c4ad4..ab8ffafcb68 100644
--- a/src/main/java/org/olat/commons/info/ui/CreateInfoStepController.java
+++ b/src/main/java/org/olat/commons/info/ui/CreateInfoStepController.java
@@ -49,7 +49,7 @@ public class CreateInfoStepController extends StepFormBasicController {
this.runContext = runContext;
- infoEditFormController = new InfoEditFormController(ureq, wControl, rootForm);
+ infoEditFormController = new InfoEditFormController(ureq, wControl, rootForm, true);
listenTo(infoEditFormController);
initForm(ureq);
diff --git a/src/main/java/org/olat/commons/info/ui/InfoDisplayController.java b/src/main/java/org/olat/commons/info/ui/InfoDisplayController.java
index 3db93ca28da..39137b169fd 100644
--- a/src/main/java/org/olat/commons/info/ui/InfoDisplayController.java
+++ b/src/main/java/org/olat/commons/info/ui/InfoDisplayController.java
@@ -393,7 +393,8 @@ public class InfoDisplayController extends FormBasicController {
removeAsListenerAndDispose(editDialogBox);
editController = new InfoEditController(ureq, getWindowControl(), msg);
listenTo(editController);
- editDialogBox = new CloseableModalController(getWindowControl(), translate("edit"), editController.getInitialComponent());
+ editDialogBox = new CloseableModalController(getWindowControl(), translate("edit"),
+ editController.getInitialComponent(), true, translate("edit.title"), true);
editDialogBox.activate();
listenTo(editDialogBox);
}
diff --git a/src/main/java/org/olat/commons/info/ui/InfoEditController.java b/src/main/java/org/olat/commons/info/ui/InfoEditController.java
index b08cf34ad3f..b98ef00262b 100644
--- a/src/main/java/org/olat/commons/info/ui/InfoEditController.java
+++ b/src/main/java/org/olat/commons/info/ui/InfoEditController.java
@@ -57,7 +57,7 @@ public class InfoEditController extends FormBasicController {
this.messageToEdit = messageToEdit;
infoFrontendManager = CoreSpringFactory.getImpl(InfoMessageFrontendManager.class);
- editForm = new InfoEditFormController(ureq, wControl, mainForm);
+ editForm = new InfoEditFormController(ureq, wControl, mainForm, false);
editForm.setTitle(messageToEdit.getTitle());
editForm.setMessage(messageToEdit.getMessage());
listenTo(editForm);
diff --git a/src/main/java/org/olat/commons/info/ui/InfoEditFormController.java b/src/main/java/org/olat/commons/info/ui/InfoEditFormController.java
index c1eee081501..812da560e03 100644
--- a/src/main/java/org/olat/commons/info/ui/InfoEditFormController.java
+++ b/src/main/java/org/olat/commons/info/ui/InfoEditFormController.java
@@ -43,26 +43,22 @@ public class InfoEditFormController extends FormBasicController {
private TextElement title;
private RichTextElement message;
+ private final boolean showTitle;
- public InfoEditFormController(UserRequest ureq, WindowControl wControl) {
- super(ureq, wControl);
- initForm(ureq);
- }
-
- public InfoEditFormController(UserRequest ureq, WindowControl wControl, Form mainForm) {
+ public InfoEditFormController(UserRequest ureq, WindowControl wControl, Form mainForm, boolean showTitle) {
super(ureq, wControl, LAYOUT_DEFAULT, null, mainForm);
+ this.showTitle = showTitle;
initForm(ureq);
}
@Override
protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
- setFormTitle("edit.title");
+ if(showTitle) {
+ setFormTitle("edit.title");
+ }
title = uifactory.addTextElement("info_title", "edit.info_title", 512, "", formLayout);
title.setMandatory(true);
- //message = uifactory.addTextAreaElement("edit.info_message", 6, 80, "", formLayout);
- //message.setMandatory(true);
- //message.setMaxLength(2000);
message = uifactory.addRichTextElementForStringDataMinimalistic("edit.info_message", "edit.info_message", "", 6, 80, false,
formLayout, ureq.getUserSession(), getWindowControl());
diff --git a/src/main/java/org/olat/commons/info/ui/_content/display.html b/src/main/java/org/olat/commons/info/ui/_content/display.html
index 88a126ec61a..73da820a765 100644
--- a/src/main/java/org/olat/commons/info/ui/_content/display.html
+++ b/src/main/java/org/olat/commons/info/ui/_content/display.html
@@ -22,7 +22,7 @@
#end
$r.render("info.date.${info.getKey()}")
<h5>$r.escapeHtml(${info.getTitle()})</h5>
- <p class="o_item_info">$info.getInfos()#if($info.isModified()), <span class="o_item_info_mod">$info.getModifier()</span>#end</p>
+ <p class="o_item_info">$info.getInfos()#if($info.isModified()), <span class="o_item_info_mod">$r.escapeHtml($info.getModifier())</span>#end</p>
<p></p>
#if($info.getMessage())
<p>$info.getMessage()</p>
diff --git a/src/main/java/org/olat/core/commons/modules/bc/components/ListRenderer.java b/src/main/java/org/olat/core/commons/modules/bc/components/ListRenderer.java
index b5f6395eff7..3690aeb2243 100644
--- a/src/main/java/org/olat/core/commons/modules/bc/components/ListRenderer.java
+++ b/src/main/java/org/olat/core/commons/modules/bc/components/ListRenderer.java
@@ -325,9 +325,9 @@ public class ListRenderer {
author = UserManager.getInstance().getUserDisplayName(author);
} else {
author = null;
- }
-
+ }
}
+ author = StringHelper.escapeHtml(author);
if (StringHelper.containsNonWhitespace(author)) {
sb.append("<p class=\"b_briefcase_author\">").append(Formatter.escapeDoubleQuotes(translator.translate("mf.author")));
sb.append(": ").append(Formatter.escapeDoubleQuotes(author)).append("</p>");
diff --git a/src/main/java/org/olat/core/commons/modules/bc/meta/MetaInfoFormController.java b/src/main/java/org/olat/core/commons/modules/bc/meta/MetaInfoFormController.java
index 13492899161..221a7e70927 100644
--- a/src/main/java/org/olat/core/commons/modules/bc/meta/MetaInfoFormController.java
+++ b/src/main/java/org/olat/core/commons/modules/bc/meta/MetaInfoFormController.java
@@ -177,22 +177,27 @@ public class MetaInfoFormController extends FormBasicController {
}
// title
- title = uifactory.addTextElement("title", "mf.title", -1, (meta != null ? meta.getTitle() : null), formLayout);
+ String t = StringHelper.escapeHtml(meta != null ? meta.getTitle() : null);
+ title = uifactory.addTextElement("title", "mf.title", -1, t, formLayout);
// comment/description
comment = uifactory.addTextAreaElement("comment", "mf.comment", -1, 3, 1, true, (meta != null ? meta.getComment() : null), formLayout);
// creator
- creator = uifactory.addTextElement("creator", "mf.creator", -1, (meta != null ? meta.getCreator() : null), formLayout);
+ String c = StringHelper.escapeHtml(meta != null ? meta.getCreator() : null);
+ creator = uifactory.addTextElement("creator", "mf.creator", -1, c, formLayout);
// publisher
- publisher = uifactory.addTextElement("publisher", "mf.publisher", -1, (meta != null ? meta.getPublisher() : null), formLayout);
+ String p = StringHelper.escapeHtml(meta != null ? meta.getPublisher() : null);
+ publisher = uifactory.addTextElement("publisher", "mf.publisher", -1, p, formLayout);
// source/origin
- source = uifactory.addTextElement("source", "mf.source", -1, (meta != null ? meta.getSource() : null), formLayout);
+ String s = StringHelper.escapeHtml(meta != null ? meta.getSource() : null);
+ source = uifactory.addTextElement("source", "mf.source", -1, s, formLayout);
// city
- city = uifactory.addTextElement("city", "mf.city", -1, (meta != null ? meta.getCity() : null), formLayout);
+ String ci = StringHelper.escapeHtml(meta != null ? meta.getCity() : null);
+ city = uifactory.addTextElement("city", "mf.city", -1, ci, formLayout);
// publish date
FormLayoutContainer publicationDate = FormLayoutContainer.createHorizontalFormLayout("publicationDateLayout", getTranslator());
@@ -277,7 +282,7 @@ public class MetaInfoFormController extends FormBasicController {
}
// username
- String author = meta == null ? "" : meta.getHTMLFormattedAuthor();
+ String author = StringHelper.escapeHtml(meta == null ? "" : meta.getHTMLFormattedAuthor());
uifactory.addStaticTextElement("mf.author", author, formLayout);
// filesize
diff --git a/src/main/java/org/olat/core/commons/modules/glossary/GlossaryFlexionController.java b/src/main/java/org/olat/core/commons/modules/glossary/GlossaryFlexionController.java
index 1df6cc5ec83..30884d5896a 100644
--- a/src/main/java/org/olat/core/commons/modules/glossary/GlossaryFlexionController.java
+++ b/src/main/java/org/olat/core/commons/modules/glossary/GlossaryFlexionController.java
@@ -62,7 +62,7 @@ public class GlossaryFlexionController extends FormBasicController {
private FormItem flexButton;
private MultipleSelectionElement existingFlexions;
private MorphologicalService morphService;
- private ArrayList<String> flexionsMSResult = null;
+ private List<String> flexionsMSResult = null;
private FormLink selectAllLink;
private FormLink deselectAllLink;
private String morphServicePresetIdent;
@@ -177,7 +177,6 @@ public class GlossaryFlexionController extends FormBasicController {
}
@Override
- @SuppressWarnings("unused")
protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
setFormTitle("flexions.title");
@@ -204,7 +203,8 @@ public class GlossaryFlexionController extends FormBasicController {
}
//combining flexion list from already existing and newly fetched
- ArrayList<String> glossItemFlexions = (ArrayList<String>) glossaryItem.getGlossFlexions().clone();
+ @SuppressWarnings("unchecked")
+ List<String> glossItemFlexions = (List<String>) glossaryItem.getGlossFlexions().clone();
if (glossItemFlexions.size() != 0 || flexionsMSResult != null) {
String[] existingKeys = ArrayHelper.toArray(glossItemFlexions);
if (flexionsMSResult != null) glossItemFlexions.addAll(flexionsMSResult);
@@ -233,9 +233,8 @@ public class GlossaryFlexionController extends FormBasicController {
* internal method to remove Duplicates from list
* @param arlList
*/
- @SuppressWarnings("unchecked")
- private static void removeDuplicate(ArrayList<String> arlList) {
- HashSet<String> h = new HashSet<String>(arlList);
+ private static void removeDuplicate(List<String> arlList) {
+ Set<String> h = new HashSet<String>(arlList);
arlList.clear();
arlList.addAll(h);
}
diff --git a/src/main/java/org/olat/core/commons/modules/glossary/GlossaryMainController.java b/src/main/java/org/olat/core/commons/modules/glossary/GlossaryMainController.java
index dfbf191ffef..b6ea8826fc1 100644
--- a/src/main/java/org/olat/core/commons/modules/glossary/GlossaryMainController.java
+++ b/src/main/java/org/olat/core/commons/modules/glossary/GlossaryMainController.java
@@ -87,6 +87,7 @@ public class GlossaryMainController extends BasicController implements Activatea
private static final String CMD_MODIFIER = "cmd.modifier.";
private static final String REGISTER_LINK = "register.link.";
private final Formatter formatter;
+ private final UserManager userManager;
public GlossaryMainController(WindowControl control, UserRequest ureq, VFSContainer glossaryFolder, OLATResourceable res,
GlossarySecurityCallback glossarySecCallback, boolean eventProfil) {
@@ -99,6 +100,7 @@ public class GlossaryMainController extends BasicController implements Activatea
ThreadLocalUserActivityLogger.log(LearningResourceLoggingAction.LEARNING_RESOURCE_OPEN, getClass());
glistVC = createVelocityContainer("glossarylist");
+ userManager = CoreSpringFactory.getImpl(UserManager.class);
formatter = Formatter.getInstance(getLocale());
glossaryItemList = GlossaryItemManager.getInstance().getGlossaryItemListByVFSItem(glossaryFolder);
@@ -228,6 +230,7 @@ public class GlossaryMainController extends BasicController implements Activatea
private void openProfil(UserRequest ureq, String pos, boolean author) {
int id = Integer.parseInt(pos);
+ @SuppressWarnings("unchecked")
List<GlossaryItemWrapper> wrappers = (List<GlossaryItemWrapper>)glistVC.getContext().get("editAndDelButtonList");
for(GlossaryItemWrapper wrapper:wrappers) {
if(id == wrapper.getId()) {
@@ -337,8 +340,8 @@ public class GlossaryMainController extends BasicController implements Activatea
// try to get lock for this glossary
lockEntry = CoordinatorManager.getInstance().getCoordinator().getLocker().acquireLock(resourceable, ureq.getIdentity(), "GlossaryEdit");
if (!lockEntry.isSuccess()) {
- String fullName = CoreSpringFactory.getImpl(UserManager.class).getUserDisplayName(lockEntry.getOwner());
- showInfo("glossary.locked", fullName);
+ String fullName = userManager.getUserDisplayName(lockEntry.getOwner());
+ showInfo("glossary.locked", StringHelper.escapeHtml(fullName));
glistVC.contextPut("editModeEnabled", Boolean.FALSE);
}
}
diff --git a/src/main/java/org/olat/core/commons/modules/glossary/GlossaryTermAndSynonymController.java b/src/main/java/org/olat/core/commons/modules/glossary/GlossaryTermAndSynonymController.java
index 408f484c00e..e9ef7456949 100644
--- a/src/main/java/org/olat/core/commons/modules/glossary/GlossaryTermAndSynonymController.java
+++ b/src/main/java/org/olat/core/commons/modules/glossary/GlossaryTermAndSynonymController.java
@@ -25,6 +25,7 @@ import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
+import java.util.Set;
import org.olat.core.gui.UserRequest;
import org.olat.core.gui.components.form.flexible.FormItem;
@@ -231,9 +232,8 @@ public class GlossaryTermAndSynonymController extends FormBasicController {
// nothing to do
}
- @SuppressWarnings("unchecked")
private static void removeDuplicate(ArrayList<String> arlList) {
- HashSet h = new HashSet(arlList);
+ Set<String> h = new HashSet<String>(arlList);
arlList.clear();
arlList.addAll(h);
}
diff --git a/src/main/java/org/olat/core/commons/modules/glossary/_content/glossarylist.html b/src/main/java/org/olat/core/commons/modules/glossary/_content/glossarylist.html
index c99f6dc6253..443cc4fa644 100644
--- a/src/main/java/org/olat/core/commons/modules/glossary/_content/glossarylist.html
+++ b/src/main/java/org/olat/core/commons/modules/glossary/_content/glossarylist.html
@@ -39,7 +39,7 @@
#if($glossaryItem.authorCmd)
<a href="$r.commandURI($glossaryItem.authorCmd)" target="o_glossary_profil" onclick="return o2cl()">$glossaryItem.authorName</a>
#else
- <a href="$glossaryItem.authorLink" class="">$glossaryItem.authorName</a>#end
+ <a href="$glossaryItem.authorLink" class="">$r.escapeHtml($glossaryItem.authorName)</a>#end
${glossaryItem.creationDate}
#if($glossaryItem.hasModifier()), #end</span>
#end
@@ -48,7 +48,7 @@
#if($glossaryItem.modifierCmd)
<a href="$r.commandURI($glossaryItem.modifierCmd)" target="o_glossary_profil" onclick="return o2cl()" >$glossaryItem.modifierName</a>
#else
- <a href="$glossaryItem.modifierLink" class="">$glossaryItem.modifierName</a>
+ <a href="$glossaryItem.modifierLink" class="">$r.escapeHtml($glossaryItem.modifierName)</a>
#end
$glossaryItem.lastModificationDate</span>
#end
diff --git a/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalService.java b/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalService.java
index 6a4e74cc022..5c8b0538a86 100644
--- a/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalService.java
+++ b/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalService.java
@@ -20,7 +20,7 @@
package org.olat.core.commons.modules.glossary.morphService;
-import java.util.ArrayList;
+import java.util.List;
/**
* Description:<br>
@@ -43,7 +43,7 @@ public interface MorphologicalService {
* @param word a single word or a wordgroup
* @return list of flexions found with a morphological service
*/
- public ArrayList<String> getFlexions(String partOfSpeech, String word);
+ public List<String> getFlexions(String partOfSpeech, String word);
/**
* same as getFlexions(String partOfSpeech, String word)
@@ -51,7 +51,7 @@ public interface MorphologicalService {
* @param word
* @return
*/
- public ArrayList<String> getFlexions(String word);
+ public List<String> getFlexions(String word);
/**
* returns part-of-speech for a given word or wordgroup
diff --git a/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalServiceDEImpl.java b/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalServiceDEImpl.java
index d99474cb45a..f656a0aeb86 100644
--- a/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalServiceDEImpl.java
+++ b/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalServiceDEImpl.java
@@ -65,14 +65,15 @@ public class MorphologicalServiceDEImpl implements MorphologicalService {
*
*/
public MorphologicalServiceDEImpl() {
- // TODO Auto-generated constructor stub
+ //
}
/**
*
* @see org.olat.core.commons.modules.glossary.morphService.FlexionServiceClient#getFlexions(java.lang.String)
*/
- public ArrayList<String> getFlexions(String word) {
+ @Override
+ public List<String> getFlexions(String word) {
return getFlexions(assumePartOfSpeech(word), word);
}
@@ -81,7 +82,8 @@ public class MorphologicalServiceDEImpl implements MorphologicalService {
* @see org.olat.core.commons.modules.glossary.morphService.FlexionServiceClient#getFlexions(java.lang.String,
* java.lang.String)
*/
- public ArrayList<String> getFlexions(String partOfSpeech, String word) {
+ @Override
+ public List<String> getFlexions(String partOfSpeech, String word) {
InputStream xmlReplyStream = retreiveXMLReply(partOfSpeech, word);
XStream xstream = XStreamHelper.createXStreamInstance();
xstream.alias("xml", FlexionReply.class);
@@ -106,6 +108,7 @@ public class MorphologicalServiceDEImpl implements MorphologicalService {
*
* @see org.olat.core.commons.modules.glossary.morphService.FlexionServiceClient#assumePartOfSpeech(java.lang.String)
*/
+ @Override
public String assumePartOfSpeech(String glossTerm) {
if (glossTerm.contains(",")) {
// assume the form "House, beautiful"
diff --git a/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalServiceFRImpl.java b/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalServiceFRImpl.java
index 4b06b3682ad..18b9b926979 100644
--- a/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalServiceFRImpl.java
+++ b/src/main/java/org/olat/core/commons/modules/glossary/morphService/MorphologicalServiceFRImpl.java
@@ -57,11 +57,8 @@ public class MorphologicalServiceFRImpl extends LogDelegator implements Morpholo
private String replyStatus = "";
- /**
- *
- */
public MorphologicalServiceFRImpl() {
- // TODO Auto-generated constructor stub
+ //
}
/**
@@ -69,7 +66,8 @@ public class MorphologicalServiceFRImpl extends LogDelegator implements Morpholo
* @see org.olat.core.commons.modules.glossary.morphService.FlexionServiceClient#getFlexions(java.lang.String,
* java.lang.String)
*/
- public ArrayList<String> getFlexions(String word) {
+ @Override
+ public List<String> getFlexions(String word) {
InputStream xmlReplyStream = retreiveXMLReply(word);
XStream xstream = XStreamHelper.createXStreamInstance();
xstream.alias("xml", FlexionReply.class);
@@ -127,6 +125,7 @@ public class MorphologicalServiceFRImpl extends LogDelegator implements Morpholo
*
* @see org.olat.core.commons.modules.glossary.morphService.FlexionServiceClient#getReplyStatus()
*/
+ @Override
public String getReplyStatus() {
return replyStatus;
}
@@ -144,6 +143,7 @@ public class MorphologicalServiceFRImpl extends LogDelegator implements Morpholo
*
* @see org.olat.core.commons.modules.glossary.morphService.FlexionServiceManager#getFlexionServiceDescriptor()
*/
+ @Override
public String getMorphServiceDescriptor() {
return SERVICE_NAME;
}
@@ -158,7 +158,7 @@ public class MorphologicalServiceFRImpl extends LogDelegator implements Morpholo
@Override
- public ArrayList<String> getFlexions(String partOfSpeech, String word) {
+ public List<String> getFlexions(String partOfSpeech, String word) {
return getFlexions(word);
}
diff --git a/src/main/java/org/olat/core/gui/components/textboxlist/TextBoxListComponent.java b/src/main/java/org/olat/core/gui/components/textboxlist/TextBoxListComponent.java
index 07b5abb4f3b..e2dadd36a21 100644
--- a/src/main/java/org/olat/core/gui/components/textboxlist/TextBoxListComponent.java
+++ b/src/main/java/org/olat/core/gui/components/textboxlist/TextBoxListComponent.java
@@ -393,7 +393,7 @@ public abstract class TextBoxListComponent extends FormBaseComponentImpl {
Map<String, String> autoCont = getAutoCompleteContent();
if (autoCont != null) {
for (String item : autoCont.keySet()) {
- array.put(autoCont.get(item));
+ array.put(StringHelper.escapeHtml(autoCont.get(item)));
}
}
} catch (Exception e) {
diff --git a/src/main/java/org/olat/core/gui/control/floatingresizabledialog/FloatingResizableDialogController.java b/src/main/java/org/olat/core/gui/control/floatingresizabledialog/FloatingResizableDialogController.java
index b92f56cfed5..3e87c395d48 100644
--- a/src/main/java/org/olat/core/gui/control/floatingresizabledialog/FloatingResizableDialogController.java
+++ b/src/main/java/org/olat/core/gui/control/floatingresizabledialog/FloatingResizableDialogController.java
@@ -130,13 +130,16 @@ public class FloatingResizableDialogController extends BasicController {
wrapper.put("layout", jsAndCssComp);
}
+ String escapedTitle = StringHelper.escapeHtml(title);
+ escapedTitle = StringHelper.escapeJavaScript(title);
+
panelName = "o_extjsPanel_" + (uniquePanelName == null ? hashCode() : uniquePanelName);
wrapper.contextPut("panelName", panelName);
wrapper.contextPut("width", this.width);
wrapper.contextPut("height", this.height);
wrapper.contextPut("offsetX", this.offsetX);
wrapper.contextPut("offsetY", this.offsetY);
- wrapper.contextPut("title", title);
+ wrapper.contextPut("title", escapedTitle);
wrapper.contextPut("collabsibleContentPanelTitel", StringEscapeUtils.escapeHtml(collabsibleContentPanelTitel));
wrapper.contextPut("resizable", resizable);
wrapper.contextPut("constrain", constrain);
diff --git a/src/main/java/org/olat/core/gui/control/generic/ajax/autocompletion/AutoCompleterListReceiver.java b/src/main/java/org/olat/core/gui/control/generic/ajax/autocompletion/AutoCompleterListReceiver.java
index d6f75c8e434..9b5458a4268 100644
--- a/src/main/java/org/olat/core/gui/control/generic/ajax/autocompletion/AutoCompleterListReceiver.java
+++ b/src/main/java/org/olat/core/gui/control/generic/ajax/autocompletion/AutoCompleterListReceiver.java
@@ -25,6 +25,7 @@ import org.json.JSONObject;
import org.olat.core.gui.util.CSSHelper;
import org.olat.core.logging.AssertException;
import org.olat.core.logging.LogDelegator;
+import org.olat.core.util.StringHelper;
/**
*
@@ -97,7 +98,7 @@ public class AutoCompleterListReceiver extends LogDelegator implements ListRecei
}
}
// add value to be displayed
- object.put(VALUE, displayText);
+ object.put(VALUE, StringHelper.escapeHtml(displayText));
// add optional css class
if (iconCssClass == null) {
object.put(CSS_CLASS, CSS_CLASS_EMPTY);
diff --git a/src/main/java/org/olat/core/gui/control/generic/modal/DialogBoxUIFactory.java b/src/main/java/org/olat/core/gui/control/generic/modal/DialogBoxUIFactory.java
index 021a55bf184..0d9d10495dc 100644
--- a/src/main/java/org/olat/core/gui/control/generic/modal/DialogBoxUIFactory.java
+++ b/src/main/java/org/olat/core/gui/control/generic/modal/DialogBoxUIFactory.java
@@ -35,6 +35,7 @@ import org.olat.core.gui.control.WindowControl;
import org.olat.core.gui.translator.Translator;
import org.olat.core.logging.AssertException;
import org.olat.core.util.Formatter;
+import org.olat.core.util.StringHelper;
import org.olat.core.util.Util;
import org.olat.core.util.coordinate.LockResult;
import org.olat.user.UserManager;
@@ -119,7 +120,7 @@ public class DialogBoxUIFactory {
throw new AssertException("do not create a 'is locked message' if lock was succesfull! concerns lock:"+lockEntry.getOwner());
}
String fullName = CoreSpringFactory.getImpl(UserManager.class).getUserDisplayName(lockEntry.getOwner());
- String[] i18nParams = new String[] { fullName,
+ String[] i18nParams = new String[] { StringHelper.escapeHtml(fullName),
Formatter.getInstance(ureq.getLocale()).formatTime(new Date(lockEntry.getLockAquiredTime())) };
String lockMsg = translator.translate(i18nLockMsgKey, i18nParams);
diff --git a/src/main/java/org/olat/core/gui/render/velocity/VelocityRenderDecorator.java b/src/main/java/org/olat/core/gui/render/velocity/VelocityRenderDecorator.java
index 3a6e68071af..28b216b6a1a 100644
--- a/src/main/java/org/olat/core/gui/render/velocity/VelocityRenderDecorator.java
+++ b/src/main/java/org/olat/core/gui/render/velocity/VelocityRenderDecorator.java
@@ -42,6 +42,7 @@ import org.olat.core.gui.translator.PackageTranslator;
import org.olat.core.gui.translator.Translator;
import org.olat.core.helpers.Settings;
import org.olat.core.util.Formatter;
+import org.olat.core.util.StringHelper;
import org.olat.core.util.filter.Filter;
import org.olat.core.util.filter.FilterFactory;
import org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter;
@@ -483,7 +484,7 @@ public class VelocityRenderDecorator {
* Escapes the characters in a String for JavaScript use.
*/
public String escapeJavaScript(String str) {
- return StringEscapeUtils.escapeJavaScript(str);
+ return StringHelper.escapeJavaScript(str);
}
/**
@@ -495,7 +496,7 @@ public class VelocityRenderDecorator {
if(str == null) {
return "";
}
- return StringEscapeUtils.escapeHtml(str);
+ return StringHelper.escapeHtml(str);
}
public String xssScan(String str) {
diff --git a/src/main/java/org/olat/core/util/StringHelper.java b/src/main/java/org/olat/core/util/StringHelper.java
index a9a2e101d33..63e499abab2 100644
--- a/src/main/java/org/olat/core/util/StringHelper.java
+++ b/src/main/java/org/olat/core/util/StringHelper.java
@@ -357,6 +357,18 @@ public class StringHelper {
public static final String xssScan(String str) {
return new OWASPAntiSamyXSSFilter().filter(str);
}
+
+ public static final String escapeJavaScript(String str) {
+ return StringEscapeUtils.escapeJavaScript(str);
+ }
+
+ public static final void escapeJavaScript(Writer writer, String str) {
+ try {
+ StringEscapeUtils.escapeJavaScript(writer, str);
+ } catch (IOException e) {
+ log.error("Error escaping JavaScript", e);
+ }
+ }
/**
* @param cellValue
diff --git a/src/main/java/org/olat/core/util/mail/ui/MailController.java b/src/main/java/org/olat/core/util/mail/ui/MailController.java
index 1df230da38d..ec0fd567800 100644
--- a/src/main/java/org/olat/core/util/mail/ui/MailController.java
+++ b/src/main/java/org/olat/core/util/mail/ui/MailController.java
@@ -37,9 +37,6 @@ import org.olat.core.gui.components.link.Link;
import org.olat.core.gui.control.Controller;
import org.olat.core.gui.control.Event;
import org.olat.core.gui.control.WindowControl;
-import org.olat.core.id.Identity;
-import org.olat.core.id.User;
-import org.olat.core.id.UserConstants;
import org.olat.core.util.StringHelper;
import org.olat.core.util.Util;
import org.olat.core.util.filter.impl.OWASPAntiSamyXSSFilter;
@@ -48,6 +45,7 @@ import org.olat.core.util.mail.MailModule;
import org.olat.core.util.mail.model.DBMail;
import org.olat.core.util.mail.model.DBMailAttachment;
import org.olat.core.util.mail.model.DBMailRecipient;
+import org.olat.user.UserManager;
/**
*
@@ -66,6 +64,7 @@ public class MailController extends FormBasicController {
private final DBMail mail;
private final List<DBMailAttachment> attachments;
private final MailManager mailManager;
+ private final UserManager userManager;
public MailController(UserRequest ureq, WindowControl wControl, DBMail mail, boolean back) {
super(ureq, wControl, LAYOUT_VERTICAL);
@@ -73,6 +72,7 @@ public class MailController extends FormBasicController {
this.mail = mail;
this.back = back;
mailManager = CoreSpringFactory.getImpl(MailManager.class);
+ userManager = CoreSpringFactory.getImpl(UserManager.class);
attachments = mailManager.getAttachments(mail);
if(!attachments.isEmpty()) {
mapperBaseURI = registerMapper(ureq, new MailAttachmentMapper(mailManager));
@@ -100,7 +100,7 @@ public class MailController extends FormBasicController {
String subject = StringHelper.escapeHtml(mail.getSubject());
uifactory.addStaticTextElement("subject", "mail.subject", subject, formLayout);
- String from = getFullName(mail.getFrom());
+ String from = StringHelper.escapeHtml(getFullName(mail.getFrom()));
uifactory.addStaticTextElement("from", "mail.from", from, formLayout);
String recipients = getRecipients();
@@ -141,18 +141,7 @@ public class MailController extends FormBasicController {
private String getFullName(DBMailRecipient recipient) {
if(recipient == null) return "";
- return getFullName(recipient.getRecipient());
- }
-
- private String getFullName(Identity identity) {
- StringBuilder sb = new StringBuilder();
- if(identity != null) {
- User user = identity.getUser();
- sb.append(user.getProperty(UserConstants.LASTNAME, null))
- .append(" ")
- .append(user.getProperty(UserConstants.FIRSTNAME, null));
- }
- return sb.toString();
+ return userManager.getUserDisplayName(recipient.getRecipient());
}
private String formattedBody() {
diff --git a/src/main/java/org/olat/core/util/mail/ui/MailFromCellRenderer.java b/src/main/java/org/olat/core/util/mail/ui/MailFromCellRenderer.java
index db4d381f0bb..7c1e801bfd0 100644
--- a/src/main/java/org/olat/core/util/mail/ui/MailFromCellRenderer.java
+++ b/src/main/java/org/olat/core/util/mail/ui/MailFromCellRenderer.java
@@ -22,6 +22,7 @@ package org.olat.core.util.mail.ui;
import java.util.Locale;
import java.util.UUID;
+import org.olat.core.CoreSpringFactory;
import org.olat.core.gui.components.link.Link;
import org.olat.core.gui.components.link.LinkFactory;
import org.olat.core.gui.components.table.CustomCellRenderer;
@@ -33,8 +34,8 @@ import org.olat.core.gui.render.StringOutput;
import org.olat.core.gui.render.URLBuilder;
import org.olat.core.gui.translator.Translator;
import org.olat.core.id.Identity;
-import org.olat.core.id.User;
-import org.olat.core.id.UserConstants;
+import org.olat.core.util.StringHelper;
+import org.olat.user.UserManager;
/**
*
@@ -50,32 +51,32 @@ public class MailFromCellRenderer implements CustomCellRenderer {
private final Translator translator;
private VelocityContainer container;
private final Controller listeningController;
+ private final UserManager userManager;
public MailFromCellRenderer(Controller listeningController, VelocityContainer container, Translator translator) {
this.listeningController = listeningController;
this.container = container;
this.translator = translator;
+ userManager = CoreSpringFactory.getImpl(UserManager.class);
}
@Override
public void render(StringOutput sb, Renderer renderer, Object val, Locale locale, int alignment, String action) {
if(val instanceof Identity) {
Identity identity = (Identity)val;
- User user = identity.getUser();
- String fullName = user.getProperty(UserConstants.LASTNAME, null) + " " + user.getProperty(UserConstants.FIRSTNAME, null);
-
+ String fullName = userManager.getUserDisplayName(identity);
if(renderer == null) {
- sb.append(fullName);
+ sb.appendHtmlEscaped(fullName);
} else {
Link link = LinkFactory.createLink("bp_" + UUID.randomUUID().toString(), container, listeningController);
- link.setCustomDisplayText(fullName);
+ link.setCustomDisplayText(StringHelper.escapeHtml(fullName));
link.setUserObject("[Identity:" + identity.getKey() + "]");
URLBuilder ubu = renderer.getUrlBuilder().createCopyFor(link);
RenderResult renderResult = new RenderResult();
link.getHTMLRendererSingleton().render(renderer, sb, link, ubu, translator, renderResult, null);
}
} else if (val instanceof String) {
- sb.append("<span>").append((String)val).append("</span>");
+ sb.append("<span>").appendHtmlEscaped((String)val).append("</span>");
}
}
}
diff --git a/src/main/java/org/olat/course/assessment/_content/detailview.html b/src/main/java/org/olat/course/assessment/_content/detailview.html
index 9efb61094b7..27904268fa2 100644
--- a/src/main/java/org/olat/course/assessment/_content/detailview.html
+++ b/src/main/java/org/olat/course/assessment/_content/detailview.html
@@ -13,7 +13,7 @@ $r.render("backLink")
<table class="b_table">
<tr>
<td>
- <span class="b_with_small_icon_left b_user_icon">$user.getProperty("firstName", $locale) $user.getProperty("lastName", $locale)</span>
+ <span class="b_with_small_icon_left b_user_icon">$r.escapeHtml($user.getProperty("firstName", $locale)) $r.escapeHtml($user.getProperty("lastName", $locale))</span>
</td>
<td>
$user.getProperty("email", $locale)
@@ -21,10 +21,10 @@ $r.render("backLink")
/ $user.getProperty("institutionalEmail", $locale)
#end
#if ($user.getProperty("institutionalName", $locale))
- <br />$user.getProperty("institutionalName", $locale)
+ <br />$r.escapeHtml($user.getProperty("institutionalName", $locale))
#end
#if ($user.getProperty("institutionalUserIdentifier", $locale))
- <br />$user.getProperty("institutionalUserIdentifier", $locale)
+ <br />$r.escapeHtml($user.getProperty("institutionalUserIdentifier", $locale))
#end
</td>
</tr>
diff --git a/src/main/java/org/olat/course/assessment/_content/identityoverview.html b/src/main/java/org/olat/course/assessment/_content/identityoverview.html
index 558c8da7b41..dbaa17ad4a9 100644
--- a/src/main/java/org/olat/course/assessment/_content/identityoverview.html
+++ b/src/main/java/org/olat/course/assessment/_content/identityoverview.html
@@ -6,7 +6,7 @@
#if($user)
<span class="b_with_small_icon_left b_user_icon">
- $user.getProperty("firstName", $locale) $user.getProperty("lastName", $locale)
+ $r.escapeHtml($user.getProperty("firstName", $locale)) $r.escapeHtml($user.getProperty("lastName", $locale))
</span>
<br />
<a href="mailto:$user.getProperty("email", $locale)" class="b_link_mailto">$user.getProperty("email", $locale)</a>
@@ -17,11 +17,11 @@
#if ($user.getProperty("institutionalName", $locale))
<br />
<span class="b_with_small_icon_left b_institution_icon">
- $user.getProperty("institutionalName", $locale)
+ $r.escapeHtml($user.getProperty("institutionalName", $locale))
</span>
#end
#if ($user.getProperty("institutionalUserIdentifier", $locale))
- ($user.getProperty("institutionalUserIdentifier", $locale))
+ $r.escapeHtml($user.getProperty("institutionalUserIdentifier", $locale)))
#end
#end
$r.render("assessmentOverviewTable")
\ No newline at end of file
diff --git a/src/main/java/org/olat/course/nodes/fo/_content/peekview.html b/src/main/java/org/olat/course/nodes/fo/_content/peekview.html
index 5b76cf07ffe..677d78df4f2 100644
--- a/src/main/java/org/olat/course/nodes/fo/_content/peekview.html
+++ b/src/main/java/org/olat/course/nodes/fo/_content/peekview.html
@@ -6,7 +6,7 @@
</h5>
<div class="o_peekview_author">
#set($user=$message.getCreator().getUser())
- $user.getProperty("firstName", null) $user.getProperty("lastName", null)
+ $r.escapeHtml($user.getProperty("firstName", null)) $r.escapeHtml($user.getProperty("lastName", null))
($formatter.formatDateAndTime($message.getCreationDate()))
</div>
$r.formatLatexFormulas($message.getBody())
diff --git a/src/main/java/org/olat/course/nodes/projectbroker/ProjectBrokerReturnboxController.java b/src/main/java/org/olat/course/nodes/projectbroker/ProjectBrokerReturnboxController.java
index acb915de171..92c0668fef3 100644
--- a/src/main/java/org/olat/course/nodes/projectbroker/ProjectBrokerReturnboxController.java
+++ b/src/main/java/org/olat/course/nodes/projectbroker/ProjectBrokerReturnboxController.java
@@ -35,7 +35,6 @@ import org.olat.course.nodes.projectbroker.datamodel.Project;
import org.olat.course.nodes.ta.ReturnboxController;
import org.olat.course.run.environment.CourseEnvironment;
import org.olat.course.run.userview.UserCourseEnvironment;
-import org.olat.modules.ModuleConfiguration;
/**
*
@@ -55,11 +54,11 @@ public class ProjectBrokerReturnboxController extends ReturnboxController {
* @param userCourseEnv
* @param previewMode
*/
- public ProjectBrokerReturnboxController(UserRequest ureq, WindowControl wControl, ModuleConfiguration config,
+ public ProjectBrokerReturnboxController(UserRequest ureq, WindowControl wControl,
CourseNode node, UserCourseEnvironment userCourseEnv, boolean previewMode, Project project) {
- super(ureq, wControl, config, node, userCourseEnv, previewMode, false);
+ super(ureq, wControl, node, userCourseEnv, previewMode, false);
this.project = project;
- initReturnbox(ureq, wControl, config, node, userCourseEnv, previewMode);
+ initReturnbox(ureq, wControl, node, userCourseEnv, previewMode);
}
/**
diff --git a/src/main/java/org/olat/course/nodes/projectbroker/ProjectFolderController.java b/src/main/java/org/olat/course/nodes/projectbroker/ProjectFolderController.java
index 654d44de9d3..566dc500323 100644
--- a/src/main/java/org/olat/course/nodes/projectbroker/ProjectFolderController.java
+++ b/src/main/java/org/olat/course/nodes/projectbroker/ProjectFolderController.java
@@ -58,7 +58,7 @@ import org.olat.modules.ModuleConfiguration;
public class ProjectFolderController extends BasicController {
private ModuleConfiguration config;
- private boolean hasDropbox, hasScoring, hasReturnbox;
+ private boolean hasDropbox, hasReturnbox;
private VelocityContainer content;
private DropboxController dropboxController;
private Controller dropboxEditController;
@@ -88,7 +88,6 @@ public class ProjectFolderController extends BasicController {
// if (hasScoring){
// hasScoring = ne.isCapabilityAccessible("scoring");
// }
- hasScoring = false;
// no call 'ne.isCapabilityAccessible(ProjectBrokerCourseNode.ACCESS_DROPBOX);' because no dropbox/returnbox conditions
if (!hasDropbox && !hasReturnbox ) {
// nothing to show => Show text message no folder
@@ -112,7 +111,7 @@ public class ProjectFolderController extends BasicController {
}
if (hasReturnbox) {
if (!ProjectBrokerManagerFactory.getProjectGroupManager().isProjectManager(ureq.getIdentity(), project)) {
- returnboxController = new ProjectBrokerReturnboxController(ureq, wControl, config, ne.getCourseNode(), userCourseEnv, previewMode,project);
+ returnboxController = new ProjectBrokerReturnboxController(ureq, wControl, ne.getCourseNode(), userCourseEnv, previewMode,project);
content.put("returnboxController", returnboxController.getInitialComponent());
content.contextPut("hasReturnbox", Boolean.TRUE);
}
@@ -164,11 +163,8 @@ public class ProjectFolderController extends BasicController {
private void readConfig(ModuleConfiguration modConfig) {
Boolean bValue = (Boolean)modConfig.get(ProjectBrokerCourseNode.CONF_DROPBOX_ENABLED);
hasDropbox = (bValue != null) ? bValue.booleanValue() : false;
- bValue = (Boolean)modConfig.get(ProjectBrokerCourseNode.CONF_SCORING_ENABLED);
- hasScoring = (bValue != null) ? bValue.booleanValue() : false;
bValue = (Boolean)modConfig.get(ProjectBrokerCourseNode.CONF_RETURNBOX_ENABLED);
hasReturnbox = (bValue != null) ? bValue.booleanValue() : false;
-
}
/**
diff --git a/src/main/java/org/olat/course/nodes/ta/DropboxScoringViewController.java b/src/main/java/org/olat/course/nodes/ta/DropboxScoringViewController.java
index d506ee3ff7b..7d2beaf2615 100644
--- a/src/main/java/org/olat/course/nodes/ta/DropboxScoringViewController.java
+++ b/src/main/java/org/olat/course/nodes/ta/DropboxScoringViewController.java
@@ -58,6 +58,7 @@ import org.olat.core.id.context.BusinessControlFactory;
import org.olat.core.id.context.ContextEntry;
import org.olat.core.logging.OLog;
import org.olat.core.logging.Tracing;
+import org.olat.core.util.StringHelper;
import org.olat.core.util.mail.MailBundle;
import org.olat.core.util.mail.MailContext;
import org.olat.core.util.mail.MailContextImpl;
@@ -77,6 +78,7 @@ import org.olat.course.properties.CoursePropertyManager;
import org.olat.course.run.userview.UserCourseEnvironment;
import org.olat.modules.ModuleConfiguration;
import org.olat.properties.Property;
+import org.olat.user.UserManager;
/**
* Initial Date: 02.09.2004
@@ -146,10 +148,14 @@ public class DropboxScoringViewController extends BasicController {
myContent.contextPut("hasReturnbox", (hasReturnbox != null) ? hasReturnbox : hasDropboxValue);
// dropbox display
- String assesseeName = userCourseEnv.getIdentityEnvironment().getIdentity().getName();
+ Identity assessee = userCourseEnv.getIdentityEnvironment().getIdentity();
+ String assesseeName = assessee.getName();
+ UserManager userManager = CoreSpringFactory.getImpl(UserManager.class);
+ String assesseeFullName = StringHelper.escapeHtml(userManager.getUserDisplayName(assessee));
+
OlatRootFolderImpl rootDropbox = new OlatRootFolderImpl(getDropboxFilePath(assesseeName), null);
rootDropbox.setLocalSecurityCallback( getDropboxVfsSecurityCallback());
- OlatNamedContainerImpl namedDropbox = new OlatNamedContainerImpl(getDropboxRootFolderName(assesseeName), rootDropbox);
+ OlatNamedContainerImpl namedDropbox = new OlatNamedContainerImpl(assesseeFullName, rootDropbox);
namedDropbox.setLocalSecurityCallback(getDropboxVfsSecurityCallback());
dropboxFolderRunController = new FolderRunController(namedDropbox, false, ureq, getWindowControl());
@@ -159,9 +165,9 @@ public class DropboxScoringViewController extends BasicController {
// returnbox display
OlatRootFolderImpl rootReturnbox = new OlatRootFolderImpl(getReturnboxFilePath(assesseeName), null);
- rootReturnbox.setLocalSecurityCallback( getReturnboxVfsSecurityCallback(rootReturnbox.getRelPath(),userCourseEnv, node) ); //
- OlatNamedContainerImpl namedReturnbox = new OlatNamedContainerImpl(getReturnboxRootFolderName(assesseeName), rootReturnbox);
- namedReturnbox.setLocalSecurityCallback( getReturnboxVfsSecurityCallback(rootReturnbox.getRelPath(),userCourseEnv, node));
+ rootReturnbox.setLocalSecurityCallback( getReturnboxVfsSecurityCallback(rootReturnbox.getRelPath()) );
+ OlatNamedContainerImpl namedReturnbox = new OlatNamedContainerImpl(assesseeFullName, rootReturnbox);
+ namedReturnbox.setLocalSecurityCallback(getReturnboxVfsSecurityCallback(rootReturnbox.getRelPath()));
returnboxFolderRunController = new FolderRunController(namedReturnbox, false, ureq, getWindowControl());
listenTo(returnboxFolderRunController);
@@ -194,16 +200,8 @@ public class DropboxScoringViewController extends BasicController {
return new ReadOnlyAndDeleteCallback();
}
- protected VFSSecurityCallback getReturnboxVfsSecurityCallback(String returnboxRelPath, UserCourseEnvironment userCourseEnv2, CourseNode node2) {
- return new ReturnboxFullAccessCallback(returnboxRelPath,userCourseEnv2, node2);
- }
-
- protected String getDropboxRootFolderName(String assesseeName) {
- return assesseeName;
- }
-
- protected String getReturnboxRootFolderName(String assesseeName) {
- return assesseeName;
+ protected VFSSecurityCallback getReturnboxVfsSecurityCallback(String returnboxRelPath) {
+ return new ReturnboxFullAccessCallback(returnboxRelPath);
}
/**
@@ -405,7 +403,7 @@ class ReturnboxFullAccessCallback implements VFSSecurityCallback {
private Quota quota;
- public ReturnboxFullAccessCallback(String relPath, UserCourseEnvironment userCourseEnv, CourseNode courseNode) {
+ public ReturnboxFullAccessCallback(String relPath) {
QuotaManager qm = QuotaManager.getInstance();
quota = qm.getCustomQuota(relPath);
if (quota == null) { // if no custom quota set, use the default quotas...
diff --git a/src/main/java/org/olat/course/nodes/ta/ReturnboxController.java b/src/main/java/org/olat/course/nodes/ta/ReturnboxController.java
index 929d3a58738..17acd2f837a 100644
--- a/src/main/java/org/olat/course/nodes/ta/ReturnboxController.java
+++ b/src/main/java/org/olat/course/nodes/ta/ReturnboxController.java
@@ -39,6 +39,7 @@ import org.olat.core.gui.control.Event;
import org.olat.core.gui.control.WindowControl;
import org.olat.core.gui.control.controller.BasicController;
import org.olat.core.id.Identity;
+import org.olat.core.util.StringHelper;
import org.olat.core.util.Util;
import org.olat.core.util.notifications.ContextualSubscriptionController;
import org.olat.core.util.notifications.SubscriptionContext;
@@ -46,7 +47,6 @@ import org.olat.core.util.vfs.callbacks.ReadOnlyCallback;
import org.olat.course.nodes.CourseNode;
import org.olat.course.run.environment.CourseEnvironment;
import org.olat.course.run.userview.UserCourseEnvironment;
-import org.olat.modules.ModuleConfiguration;
import org.olat.user.UserManager;
/**
@@ -80,25 +80,25 @@ public class ReturnboxController extends BasicController {
* @param userCourseEnv
* @param previewMode
*/
- public ReturnboxController(UserRequest ureq, WindowControl wControl, ModuleConfiguration config, CourseNode node, UserCourseEnvironment userCourseEnv, boolean previewMode) {
- this(ureq, wControl, config, node, userCourseEnv, previewMode, true);
+ public ReturnboxController(UserRequest ureq, WindowControl wControl, CourseNode node, UserCourseEnvironment userCourseEnv, boolean previewMode) {
+ this(ureq, wControl, node, userCourseEnv, previewMode, true);
}
- protected ReturnboxController(UserRequest ureq, WindowControl wControl, ModuleConfiguration config, CourseNode node, UserCourseEnvironment userCourseEnv, boolean previewMode, boolean doInit) {
+ protected ReturnboxController(UserRequest ureq, WindowControl wControl, CourseNode node, UserCourseEnvironment userCourseEnv, boolean previewMode, boolean doInit) {
super(ureq, wControl);
userManager = CoreSpringFactory.getImpl(UserManager.class);
this.setBasePackage(ReturnboxController.class);
if (doInit) {
- initReturnbox(ureq, wControl, config, node, userCourseEnv, previewMode);
+ initReturnbox(ureq, wControl, node, userCourseEnv, previewMode);
}
}
- protected void initReturnbox(UserRequest ureq, WindowControl wControl, ModuleConfiguration config, CourseNode node, UserCourseEnvironment userCourseEnv, boolean previewMode) {
+ protected void initReturnbox(UserRequest ureq, WindowControl wControl, CourseNode node, UserCourseEnvironment userCourseEnv, boolean previewMode) {
// returnbox display
myContent = createVelocityContainer("returnbox");
OlatRootFolderImpl rootFolder = new OlatRootFolderImpl(getReturnboxPathFor(userCourseEnv.getCourseEnvironment(), node, ureq.getIdentity()) , null);
- String fullName = userManager.getUserDisplayName(getIdentity());
+ String fullName = StringHelper.escapeHtml(userManager.getUserDisplayName(getIdentity()));
OlatNamedContainerImpl namedContainer = new OlatNamedContainerImpl(fullName, rootFolder);
namedContainer.setLocalSecurityCallback(new ReadOnlyCallback());
returnboxFolderRunController = new FolderRunController(namedContainer, false, ureq, wControl);
@@ -152,14 +152,15 @@ public class ReturnboxController extends BasicController {
* @see org.olat.core.gui.control.DefaultController#event(org.olat.core.gui.UserRequest, org.olat.core.gui.control.Controller, org.olat.core.gui.control.Event)
*/
public void event(UserRequest ureq, Controller source, Event event) {
+ //
}
-
-
+
/**
*
* @see org.olat.core.gui.control.DefaultController#doDispose(boolean)
*/
protected void doDispose() {
+ //
}
}
diff --git a/src/main/java/org/olat/course/nodes/ta/TACourseNodeRunController.java b/src/main/java/org/olat/course/nodes/ta/TACourseNodeRunController.java
index a63f7b68e2d..7b3d8a8f8ef 100644
--- a/src/main/java/org/olat/course/nodes/ta/TACourseNodeRunController.java
+++ b/src/main/java/org/olat/course/nodes/ta/TACourseNodeRunController.java
@@ -97,10 +97,9 @@ public class TACourseNodeRunController extends BasicController {
content.contextPut("hasDropbox", Boolean.TRUE);
}
if (hasReturnbox) {
- returnboxController = new ReturnboxController(ureq, wControl, config, ne.getCourseNode(), userCourseEnv, previewMode);
+ returnboxController = new ReturnboxController(ureq, wControl, ne.getCourseNode(), userCourseEnv, previewMode);
content.put("returnboxController", returnboxController.getInitialComponent());
content.contextPut("hasReturnbox", Boolean.TRUE);
-
}
if (hasSolution) {
diff --git a/src/main/java/org/olat/group/ui/homepage/GroupInfoDisplayController.java b/src/main/java/org/olat/group/ui/homepage/GroupInfoDisplayController.java
index ae09476520b..ac136dcefd8 100644
--- a/src/main/java/org/olat/group/ui/homepage/GroupInfoDisplayController.java
+++ b/src/main/java/org/olat/group/ui/homepage/GroupInfoDisplayController.java
@@ -28,6 +28,7 @@ import org.olat.core.gui.components.velocity.VelocityContainer;
import org.olat.core.gui.control.Event;
import org.olat.core.gui.control.WindowControl;
import org.olat.core.gui.control.controller.BasicController;
+import org.olat.core.util.StringHelper;
import org.olat.group.BusinessGroup;
/**
@@ -45,7 +46,7 @@ public class GroupInfoDisplayController extends BasicController {
super(ureq, wControl);
content = createVelocityContainer("groupinfodisplay");
content.contextPut("description", businessGroup.getDescription());
- content.contextPut("name", businessGroup.getName());
+ content.contextPut("name", StringHelper.escapeHtml(businessGroup.getName()));
BaseSecurity securityManager = BaseSecurityManager.getInstance();
int numParticipants = 0;
diff --git a/src/main/java/org/olat/group/ui/main/AbstractBusinessGroupListController.java b/src/main/java/org/olat/group/ui/main/AbstractBusinessGroupListController.java
index 8b4ad3ac971..78c57c6ccb0 100644
--- a/src/main/java/org/olat/group/ui/main/AbstractBusinessGroupListController.java
+++ b/src/main/java/org/olat/group/ui/main/AbstractBusinessGroupListController.java
@@ -309,7 +309,8 @@ public abstract class AbstractBusinessGroupListController extends BasicControlle
} else if(actionid.equals(TABLE_ACTION_EDIT)) {
doEdit(ureq, businessGroup);
} else if(actionid.equals(TABLE_ACTION_LEAVE)) {
- leaveDialogBox = activateYesNoDialog(ureq, null, translate("dialog.modal.bg.leave.text", businessGroup.getName()), leaveDialogBox);
+ String groupName = StringHelper.escapeHtml(businessGroup.getName());
+ leaveDialogBox = activateYesNoDialog(ureq, null, translate("dialog.modal.bg.leave.text", groupName), leaveDialogBox);
leaveDialogBox.setUserObject(businessGroup);
} else if (actionid.equals(TABLE_ACTION_ACCESS)) {
doAccess(ureq, businessGroup);
diff --git a/src/main/java/org/olat/group/ui/main/MemberInfoController.java b/src/main/java/org/olat/group/ui/main/MemberInfoController.java
index 6b79dde27ab..19a487f7e5e 100644
--- a/src/main/java/org/olat/group/ui/main/MemberInfoController.java
+++ b/src/main/java/org/olat/group/ui/main/MemberInfoController.java
@@ -37,6 +37,7 @@ import org.olat.core.gui.control.Controller;
import org.olat.core.gui.control.WindowControl;
import org.olat.core.id.Identity;
import org.olat.core.util.Formatter;
+import org.olat.core.util.StringHelper;
import org.olat.core.util.Util;
import org.olat.course.assessment.UserCourseInformations;
import org.olat.course.assessment.manager.UserCourseInformationsManager;
@@ -88,7 +89,7 @@ public class MemberInfoController extends FormBasicController {
Controller dpc = new DisplayPortraitController(ureq, getWindowControl(), identity, true, false);
listenTo(dpc); // auto dispose
layoutCont.put("image", dpc.getInitialComponent());
- layoutCont.contextPut("fullname", userManager.getUserDisplayName(identity));
+ layoutCont.contextPut("fullname", StringHelper.escapeHtml(userManager.getUserDisplayName(identity)));
}
//user properties
diff --git a/src/main/java/org/olat/group/ui/main/MemberLeaveConfirmationController.java b/src/main/java/org/olat/group/ui/main/MemberLeaveConfirmationController.java
index 5c744495250..74929a2ad3c 100644
--- a/src/main/java/org/olat/group/ui/main/MemberLeaveConfirmationController.java
+++ b/src/main/java/org/olat/group/ui/main/MemberLeaveConfirmationController.java
@@ -31,6 +31,7 @@ import org.olat.core.gui.control.Controller;
import org.olat.core.gui.control.Event;
import org.olat.core.gui.control.WindowControl;
import org.olat.core.id.Identity;
+import org.olat.core.util.StringHelper;
import org.olat.group.BusinessGroupModule;
import org.olat.user.UserManager;
@@ -68,7 +69,7 @@ public class MemberLeaveConfirmationController extends FormBasicController {
StringBuilder sb = new StringBuilder(identities.size() * 25);
for(Identity id:identities) {
if(sb.length() > 0) sb.append(" / ");
- sb.append(userManager.getUserDisplayName(id));
+ sb.append(StringHelper.escapeHtml(userManager.getUserDisplayName(id)));
}
((FormLayoutContainer)formLayout).contextPut("identities", sb.toString());
}
diff --git a/src/main/java/org/olat/group/ui/main/_content/accept_reservations.html b/src/main/java/org/olat/group/ui/main/_content/accept_reservations.html
index 72070fdc198..4d9d222a44d 100644
--- a/src/main/java/org/olat/group/ui/main/_content/accept_reservations.html
+++ b/src/main/java/org/olat/group/ui/main/_content/accept_reservations.html
@@ -4,7 +4,7 @@
<div class="o_reservation b_clearfix">
<div>
<span class="o_reservation_name b_with_small_icon_left #if($reservation.isGroupReservation()) b_group_icon #elseif($reservation.isRepositoryEntryReservation()) o_course_icon #end">
- ${reservation.name}
+ $r.escapeHtml(${reservation.name})
</span>
#if($reservation.coach)
<span class="o_reservation_role_coach">
diff --git a/src/main/java/org/olat/group/ui/main/_content/group_delete_confirmation.html b/src/main/java/org/olat/group/ui/main/_content/group_delete_confirmation.html
index 730a53994a8..481f9b0d473 100644
--- a/src/main/java/org/olat/group/ui/main/_content/group_delete_confirmation.html
+++ b/src/main/java/org/olat/group/ui/main/_content/group_delete_confirmation.html
@@ -1,3 +1,3 @@
-<p>$r.translate("dialog.modal.bg.delete.text", $groups)</p>
+<p>$r.translate("dialog.modal.bg.delete.text", $r.escapeHtml($groups))</p>
$r.render("sendmail")
$r.render("buttons")
diff --git a/src/main/java/org/olat/gui/control/OlatFooterController.java b/src/main/java/org/olat/gui/control/OlatFooterController.java
index e5bda4dc185..ebe852464ca 100644
--- a/src/main/java/org/olat/gui/control/OlatFooterController.java
+++ b/src/main/java/org/olat/gui/control/OlatFooterController.java
@@ -37,6 +37,7 @@ import org.olat.core.gui.control.WindowControl;
import org.olat.core.gui.control.controller.BasicController;
import org.olat.core.helpers.Settings;
import org.olat.core.id.Identity;
+import org.olat.core.util.StringHelper;
import org.olat.core.util.Util;
import org.olat.core.util.WebappHelper;
import org.olat.social.SocialModule;
@@ -91,7 +92,7 @@ public class OlatFooterController extends BasicController {
olatFootervc.contextPut("username", translate("invitee"));
} else {
String fullName = CoreSpringFactory.getImpl(UserManager.class).getUserDisplayName(ureq.getIdentity());
- olatFootervc.contextPut("username", fullName);
+ olatFootervc.contextPut("username", StringHelper.escapeHtml(fullName));
}
} else {
olatFootervc.contextPut("loggedIn", Boolean.FALSE);
diff --git a/src/main/java/org/olat/gui/control/OlatTopNavController.java b/src/main/java/org/olat/gui/control/OlatTopNavController.java
index b3060674a08..7ce5a26aca0 100644
--- a/src/main/java/org/olat/gui/control/OlatTopNavController.java
+++ b/src/main/java/org/olat/gui/control/OlatTopNavController.java
@@ -80,7 +80,7 @@ public class OlatTopNavController extends BasicController implements GenericEven
this(ureq, wControl, false, true);
}
- public OlatTopNavController(UserRequest ureq, WindowControl wControl, boolean impressum, boolean search) {
+ public OlatTopNavController(UserRequest ureq, WindowControl wControl, boolean impressum, boolean search) {
super(ureq, wControl);
topNavVC = createVelocityContainer("topnav");
@@ -118,7 +118,7 @@ public class OlatTopNavController extends BasicController implements GenericEven
impressumLink.setTarget("_blank");
}
- if(ureq.getIdentity() != null && !isGuest && !isInvitee) {
+ if(search && ureq.getIdentity() != null && !isGuest && !isInvitee) {
SearchServiceUIFactory searchUIFactory = (SearchServiceUIFactory)CoreSpringFactory.getBean(SearchServiceUIFactory.class);
searchC = searchUIFactory.createInputController(ureq, wControl, DisplayOption.STANDARD, null);
searchC.setResourceContextEnable(false);
diff --git a/src/main/java/org/olat/instantMessaging/manager/RosterDAO.java b/src/main/java/org/olat/instantMessaging/manager/RosterDAO.java
index 695c3a7b0cd..7a0dc0110f1 100644
--- a/src/main/java/org/olat/instantMessaging/manager/RosterDAO.java
+++ b/src/main/java/org/olat/instantMessaging/manager/RosterDAO.java
@@ -110,10 +110,6 @@ public class RosterDAO {
return query.getResultList();
}
- public void clear() {
- dbInstance.getCurrentEntityManager().createNamedQuery("clearIMRosterEntry").executeUpdate();
- }
-
public void deleteEntry(Identity identity, OLATResourceable ores) {
dbInstance.getCurrentEntityManager().createNamedQuery("deleteIMRosterEntryByIdentityAndResource")
.setParameter("identityKey", identity.getKey())
diff --git a/src/main/java/org/olat/instantMessaging/model/RosterEntryImpl.java b/src/main/java/org/olat/instantMessaging/model/RosterEntryImpl.java
index f8feab0e79b..0ac51d4cda6 100644
--- a/src/main/java/org/olat/instantMessaging/model/RosterEntryImpl.java
+++ b/src/main/java/org/olat/instantMessaging/model/RosterEntryImpl.java
@@ -49,7 +49,6 @@ import org.olat.core.id.Persistable;
@NamedQuery(name="loadIMRosterEntryForUpdate", query="select entry from imrosterentry entry where entry.identityKey=:identityKey and entry.resourceId=:resid and entry.resourceTypeName=:resname",
lockMode=LockModeType.PESSIMISTIC_WRITE),
@NamedQuery(name="loadIMRosterEntryByResource", query="select entry from imrosterentry entry where entry.resourceId=:resid and entry.resourceTypeName=:resname"),
- @NamedQuery(name="clearIMRosterEntry", query="delete from imrosterentry entry"),
@NamedQuery(name="deleteIMRosterEntryByIdentityAndResource", query="delete from imrosterentry entry where entry.identityKey=:identityKey and entry.resourceId=:resid and entry.resourceTypeName=:resname")
})
public class RosterEntryImpl implements Persistable, CreateInfo {
diff --git a/src/main/java/org/olat/instantMessaging/ui/ChatController.java b/src/main/java/org/olat/instantMessaging/ui/ChatController.java
index f3cc91dd7cb..f9cd7f6e135 100644
--- a/src/main/java/org/olat/instantMessaging/ui/ChatController.java
+++ b/src/main/java/org/olat/instantMessaging/ui/ChatController.java
@@ -155,7 +155,8 @@ public class ChatController extends BasicController implements GenericEventListe
}
chatPanelCtr = new FloatingResizableDialogController(ureq, getWindowControl(), mainVC,
- roomName , width, height, offsetX, offsetY, rosterCtrl == null ? null : rosterCtrl.getInitialComponent(),
+ roomName , width, height, offsetX, offsetY,
+ rosterCtrl == null ? null : rosterCtrl.getInitialComponent(),
translate("groupchat.roster"), true, false, true, String.valueOf(hashCode()));
listenTo(chatPanelCtr);
chatPanelCtr.setElementCSSClass("o_instantmessaging_chat_dialog");
diff --git a/src/main/java/org/olat/instantMessaging/ui/IMBuddyListController.java b/src/main/java/org/olat/instantMessaging/ui/IMBuddyListController.java
index b7b94bd3748..bbf6ee5b8d7 100644
--- a/src/main/java/org/olat/instantMessaging/ui/IMBuddyListController.java
+++ b/src/main/java/org/olat/instantMessaging/ui/IMBuddyListController.java
@@ -28,6 +28,7 @@ import org.olat.core.gui.components.velocity.VelocityContainer;
import org.olat.core.gui.control.Event;
import org.olat.core.gui.control.WindowControl;
import org.olat.core.gui.control.controller.BasicController;
+import org.olat.core.util.StringHelper;
import org.olat.instantMessaging.InstantMessagingModule;
import org.olat.instantMessaging.InstantMessagingService;
import org.olat.instantMessaging.OpenInstantMessageEvent;
@@ -144,7 +145,7 @@ public class IMBuddyListController extends BasicController {
String linkId = "buddy_" + group.getGroupKey() + "_" + buddy.getIdentityKey();
if(buddiesListContent.getComponent(linkId) == null) {
Link buddyLink = LinkFactory.createCustomLink(linkId, "cmd.buddy", "", Link.NONTRANSLATED, buddiesListContent, this);
- buddyLink.setCustomDisplayText(buddy.getName());
+ buddyLink.setCustomDisplayText(StringHelper.escapeHtml(buddy.getName()));
String css = getStatusCss(buddy);
buddyLink.setCustomEnabledLinkCSS(css);
buddyLink.setUserObject(buddy);
@@ -153,7 +154,7 @@ public class IMBuddyListController extends BasicController {
String linkIdAlt = "buddy_" + buddy.getIdentityKey();
if(buddiesListContent.getComponent(linkIdAlt) == null) {
Link buddyLink = LinkFactory.createCustomLink(linkIdAlt, "cmd.buddy", "", Link.NONTRANSLATED, buddiesListContent, this);
- buddyLink.setCustomDisplayText(buddy.getName());
+ buddyLink.setCustomDisplayText(StringHelper.escapeHtml(buddy.getName()));
String css = getStatusCss(buddy);
buddyLink.setCustomEnabledLinkCSS(css);
buddyLink.setUserObject(buddy);
diff --git a/src/main/java/org/olat/instantMessaging/ui/Roster.java b/src/main/java/org/olat/instantMessaging/ui/Roster.java
index 705269eba5f..80da092e64e 100644
--- a/src/main/java/org/olat/instantMessaging/ui/Roster.java
+++ b/src/main/java/org/olat/instantMessaging/ui/Roster.java
@@ -38,19 +38,11 @@ import org.olat.instantMessaging.model.BuddyGroup;
public class Roster {
private final Long identityKey;
- private final List<Buddy> entries;
- private final List<BuddyGroup> groups;
+ private final List<Buddy> entries = new CopyOnWriteArrayList<Buddy>();
+ private final List<BuddyGroup> groups = new CopyOnWriteArrayList<BuddyGroup>();
public Roster(Long identityKey) {
this.identityKey = identityKey;
- entries = new CopyOnWriteArrayList<Buddy>();
- groups = new CopyOnWriteArrayList<BuddyGroup>();
- }
-
- public Roster(List<Buddy> entries, Long identityKey) {
- this.identityKey = identityKey;
- this.entries = entries;
- groups = new CopyOnWriteArrayList<BuddyGroup>();
}
public List<BuddyGroup> getGroups() {
diff --git a/src/main/java/org/olat/instantMessaging/ui/RosterForm.java b/src/main/java/org/olat/instantMessaging/ui/RosterForm.java
index 43597bc6b49..52c114b2c93 100644
--- a/src/main/java/org/olat/instantMessaging/ui/RosterForm.java
+++ b/src/main/java/org/olat/instantMessaging/ui/RosterForm.java
@@ -31,6 +31,7 @@ import org.olat.core.gui.components.form.flexible.impl.FormLayoutContainer;
import org.olat.core.gui.control.Controller;
import org.olat.core.gui.control.Event;
import org.olat.core.gui.control.WindowControl;
+import org.olat.core.util.StringHelper;
import org.olat.user.UserManager;
/**
@@ -65,7 +66,7 @@ public class RosterForm extends FormBasicController {
protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
// for simplicity we initialize the form even when the anonymous mode is disabled
// and just hide the form elements in the GUI
- String[] theValues = new String[]{ fullName, translate("anonymous") };
+ String[] theValues = new String[]{ StringHelper.escapeHtml(fullName), translate("anonymous") };
toggle = uifactory.addRadiosVertical("toggle", "toogle.anonymous", formLayout, anonKeys, theValues);
if(defaultAnonym) {
diff --git a/src/main/java/org/olat/instantMessaging/ui/_content/buddies_content.html b/src/main/java/org/olat/instantMessaging/ui/_content/buddies_content.html
index 9dd0dab637a..14bf6f839ea 100644
--- a/src/main/java/org/olat/instantMessaging/ui/_content/buddies_content.html
+++ b/src/main/java/org/olat/instantMessaging/ui/_content/buddies_content.html
@@ -2,7 +2,7 @@
#if($viewGroups)
#foreach ($group in $buddyList.groups)
<li class="o_instantmessaging_group">
- <div class="o_instantmessaging_groupname">$group.groupName</div>
+ <div class="o_instantmessaging_groupname">$r.escapeHtml($group.groupName)</div>
<ul>
#foreach ($buddy in $group.buddy)
<li>$r.render("buddy_${group.groupKey}_${buddy.identityKey}")</li>
diff --git a/src/main/java/org/olat/instantMessaging/ui/_content/chatMsgField.html b/src/main/java/org/olat/instantMessaging/ui/_content/chatMsgField.html
index 82f32b90093..0e8fae1cbab 100644
--- a/src/main/java/org/olat/instantMessaging/ui/_content/chatMsgField.html
+++ b/src/main/java/org/olat/instantMessaging/ui/_content/chatMsgField.html
@@ -21,7 +21,7 @@
<div class="o_instantmessaging_avatar o_portrait_dummy_small"></div>
#end
- <div class="o_instantmessaging_from">${message.from}</div>
+ <div class="o_instantmessaging_from">$r.escapeHtml(${message.from})</div>
## end link to visiting card
#if(!$message.anonym) </a> #end
diff --git a/src/main/java/org/olat/instantMessaging/ui/_content/roster.html b/src/main/java/org/olat/instantMessaging/ui/_content/roster.html
index 3e1ef9a13b9..521c262c192 100644
--- a/src/main/java/org/olat/instantMessaging/ui/_content/roster.html
+++ b/src/main/java/org/olat/instantMessaging/ui/_content/roster.html
@@ -7,7 +7,7 @@
<ul>
#foreach($entry in $roster.entries)
<li class="#if($entry.vip) o_instantmessaging_vip #end #if($entry.anonym) o_instantmessaging_anonymous #end">
- <span>${entry.name}</span>
+ <span>$r.escapeHtml(${entry.name})</span>
</li>
#end
</ul>
diff --git a/src/main/java/org/olat/modules/fo/MessageEditController.java b/src/main/java/org/olat/modules/fo/MessageEditController.java
index 7ce405c5931..b7f2c270c64 100644
--- a/src/main/java/org/olat/modules/fo/MessageEditController.java
+++ b/src/main/java/org/olat/modules/fo/MessageEditController.java
@@ -194,7 +194,7 @@ public class MessageEditController extends FormBasicController {
+ "/msg-preview.html");
uifactory.addSpacerElement("spacer1", formLayout, false);
formLayout.add(replyMsgLayout);
- replyMsgLayout.setLabel("label.replytomsg", new String[] { replyMessage.getTitle() });
+ replyMsgLayout.setLabel("label.replytomsg", new String[] { StringHelper.escapeHtml(replyMessage.getTitle()) });
Identity identity = replyMessage.getCreator();
replyMsgLayout.contextPut("identity", identity);
replyMsgLayout.contextPut("messageBody", replyMessage.getBody());
@@ -239,8 +239,8 @@ public class MessageEditController extends FormBasicController {
FormLayoutContainer tmpLayout;
if (attachLayout == null) {
- tmpLayout = FormLayoutContainer.createCustomFormLayout("attachLayout", getTranslator(), Util.getPackageVelocityRoot(this.getClass())
- + "/attachments-editview.html");
+ String editPage = Util.getPackageVelocityRoot(this.getClass()) + "/attachments-editview.html";
+ tmpLayout = FormLayoutContainer.createCustomFormLayout("attachLayout", getTranslator(), editPage);
formLayout.add(tmpLayout);
} else {
tmpLayout = (FormLayoutContainer) attachLayout;
diff --git a/src/main/java/org/olat/modules/fo/_content/attachments-editview.html b/src/main/java/org/olat/modules/fo/_content/attachments-editview.html
index 8492b183488..767441f986d 100644
--- a/src/main/java/org/olat/modules/fo/_content/attachments-editview.html
+++ b/src/main/java/org/olat/modules/fo/_content/attachments-editview.html
@@ -5,7 +5,7 @@
#set( $fsize = $attachment.getSize() / 1024 )
<tr>
<td class="b_filetype_file $myself.renderFileIconCssClass($fname)" style="padding-left:20px; background-repeat: no-repeat;"> </td>
- <td>$fname ($fsize KB)</td>
+ <td>$r.escapeHtml($fname) ($fsize KB)</td>
<td>$r.render("delete.attachment.$velocityCount")</td>
</tr>
#end
diff --git a/src/main/java/org/olat/modules/fo/_content/msg-preview.html b/src/main/java/org/olat/modules/fo/_content/msg-preview.html
index bbe6243d83c..286db307b13 100644
--- a/src/main/java/org/olat/modules/fo/_content/msg-preview.html
+++ b/src/main/java/org/olat/modules/fo/_content/msg-preview.html
@@ -3,9 +3,7 @@
<div class="o_forum_message_header_wrapper" >
<div class="o_forum_message_header b_clearfix">
<div class="o_forum_message_title">
- <strong>
- $message.getTitle()
- </strong>
+ <strong>$r.escapeHtml($message.getTitle())</strong>
</div>
</div>
</div>
diff --git a/src/main/java/org/olat/modules/fo/_content/threadview.html b/src/main/java/org/olat/modules/fo/_content/threadview.html
index b23d9a87ca4..6a5f078cc26 100644
--- a/src/main/java/org/olat/modules/fo/_content/threadview.html
+++ b/src/main/java/org/olat/modules/fo/_content/threadview.html
@@ -63,11 +63,10 @@
</div>
</div>
</div>
-
<div class="o_forum_message_content_wrapper ">
<div class="o_forum_message_content b_clearfix ">
<div class="o_forum_message_creator">
- <strong>$message.get("firstname") $message.get("lastname")</strong>
+ <strong>$r.escapeHtml($message.get("firstname")) $r.escapeHtml($message.get("lastname"))</strong>
<br />
<br />
#if($r.available($message.get("portraitComponentVCName")))
@@ -86,7 +85,7 @@
#foreach( $attachment in $message.get("attachments") )
#set($fname = $attachment.getName())
#set( $fsize = $attachment.getSize() / 1024 )
- <li><a href="$r.commandURI("attachment_${velocityCount}_${count}")$fname" target="_blank" class="b_filetype_file $myself.renderFileIconCssClass($fname)">$fname ($fsize KB)</a></li>
+ <li><a href="$r.commandURI("attachment_${velocityCount}_${count}")$fname" target="_blank" class="b_filetype_file $myself.renderFileIconCssClass($fname)">$r.escapeHtml($fname) ($fsize KB)</a></li>
#end
</ul>
</div>
@@ -95,7 +94,7 @@
#if(($message.get("isModified")) || ($message.get("isMoved")))
<div class="o_forum_message_modified">
#if($message.get("isModified"))
- $r.translate("msg.modified"): $message.get("modfname") $message.get("modlname") $message.get("modified")
+ $r.translate("msg.modified"): $r.escapeHtml($message.get("modfname")) $r.escapeHtml($message.get("modlname")) $message.get("modified")
#end
#if($message.get("isMoved"))
$r.translate("msg.moved")
diff --git a/src/main/java/org/olat/modules/webFeed/ui/blog/_content/posts.html b/src/main/java/org/olat/modules/webFeed/ui/blog/_content/posts.html
index 8ed119927e4..d7c4d7bc163 100644
--- a/src/main/java/org/olat/modules/webFeed/ui/blog/_content/posts.html
+++ b/src/main/java/org/olat/modules/webFeed/ui/blog/_content/posts.html
@@ -40,7 +40,7 @@
#set ( $info = $helper.getInfo($post) )
#if ( $info )
<p class="o_item_info">
- $info#if($helper.isModified($post)), <span class="o_item_info_mod">$helper.getModifierInfo($post)</span>#end
+ $info#if($helper.isModified($post)), <span class="o_item_info_mod">$r.escapeHtml($helper.getModifierInfo($post))</span>#end
</p>
#end
<p></p>
diff --git a/src/main/java/org/olat/portfolio/EPAbstractHandler.java b/src/main/java/org/olat/portfolio/EPAbstractHandler.java
index c028d2bcc59..5788786f4c7 100755
--- a/src/main/java/org/olat/portfolio/EPAbstractHandler.java
+++ b/src/main/java/org/olat/portfolio/EPAbstractHandler.java
@@ -106,7 +106,6 @@ public abstract class EPAbstractHandler<U extends AbstractArtefact> implements E
return false;
}
- @SuppressWarnings("unused")
@Override
public Controller getSpecialMapViewController(UserRequest ureq, WindowControl wControl, AbstractArtefact artefact) {
return null;
diff --git a/src/main/java/org/olat/portfolio/EPMapOnInvitationExtension.java b/src/main/java/org/olat/portfolio/EPMapOnInvitationExtension.java
index 1b095e4518a..7ef266cd0fd 100644
--- a/src/main/java/org/olat/portfolio/EPMapOnInvitationExtension.java
+++ b/src/main/java/org/olat/portfolio/EPMapOnInvitationExtension.java
@@ -40,7 +40,6 @@ import org.olat.portfolio.model.structel.PortfolioStructureMap;
*
* @author Roman Haag, roman.haag@frentix.com, http://www.frentix.com
*/
-@SuppressWarnings("unused")
public class EPMapOnInvitationExtension {
public EPMapOnInvitationExtension() {
diff --git a/src/main/java/org/olat/portfolio/EPMyMapsExtension.java b/src/main/java/org/olat/portfolio/EPMyMapsExtension.java
index 7a2848de5c3..3e3959e4242 100644
--- a/src/main/java/org/olat/portfolio/EPMyMapsExtension.java
+++ b/src/main/java/org/olat/portfolio/EPMyMapsExtension.java
@@ -38,7 +38,6 @@ import org.olat.portfolio.model.structel.EPDefaultMap;
*
* @author Roman Haag, roman.haag@frentix.com, http://www.frentix.com
*/
-@SuppressWarnings("unused")
public class EPMyMapsExtension {
public EPMyMapsExtension() {
diff --git a/src/main/java/org/olat/portfolio/EPOtherMapsExtension.java b/src/main/java/org/olat/portfolio/EPOtherMapsExtension.java
index 5d5bcf3c06d..1a92b494f89 100644
--- a/src/main/java/org/olat/portfolio/EPOtherMapsExtension.java
+++ b/src/main/java/org/olat/portfolio/EPOtherMapsExtension.java
@@ -37,7 +37,6 @@ import org.olat.home.HomeSite;
*
* @author Roman Haag, roman.haag@frentix.com, http://www.frentix.com
*/
-@SuppressWarnings("unused")
public class EPOtherMapsExtension {
public EPOtherMapsExtension() {
diff --git a/src/main/java/org/olat/portfolio/manager/EPNotificationManager.java b/src/main/java/org/olat/portfolio/manager/EPNotificationManager.java
index 284c1049bef..b218476f0f7 100644
--- a/src/main/java/org/olat/portfolio/manager/EPNotificationManager.java
+++ b/src/main/java/org/olat/portfolio/manager/EPNotificationManager.java
@@ -28,6 +28,7 @@ import org.olat.core.commons.persistence.DB;
import org.olat.core.commons.persistence.DBQuery;
import org.olat.core.gui.translator.Translator;
import org.olat.core.id.context.BusinessControlFactory;
+import org.olat.core.util.StringHelper;
import org.olat.core.util.notifications.items.SubscriptionListItem;
import org.olat.portfolio.model.notification.EPArtefactNotification;
import org.olat.portfolio.model.notification.EPCommentNotification;
@@ -64,7 +65,7 @@ public class EPNotificationManager {
List<SubscriptionListItem> items = new ArrayList<SubscriptionListItem>();
for (EPNotification notification : notifications) {
SubscriptionListItem item = null;
- String[] title = new String[] { notification.getTitle() };
+ String[] title = new String[] { StringHelper.escapeHtml(notification.getTitle()) };
if ("page".equals(notification.getType())) {
String bPath = rootBusinessPath + "[EPPage:" + notification.getPageKey() + "]";
String linkUrl = BusinessControlFactory.getInstance().getURLFromBusinessPathString(bPath);
@@ -93,9 +94,9 @@ public class EPNotificationManager {
Long pageKey = link.getPageKey();
String targetTitle= link.getStructureTitle();
String[] title = new String[] {
- userManager.getUserDisplayName(link.getAuthor()),
- link.getArtefactTitle(),
- targetTitle
+ StringHelper.escapeHtml(userManager.getUserDisplayName(link.getAuthor())),
+ StringHelper.escapeHtml(link.getArtefactTitle()),
+ StringHelper.escapeHtml(targetTitle)
};
String bPath = rootBusinessPath + "[EPPage:" + pageKey + "]";
diff --git a/src/main/java/org/olat/portfolio/manager/EPNotificationsHandler.java b/src/main/java/org/olat/portfolio/manager/EPNotificationsHandler.java
index 3c188868a44..66ccf363ed4 100644
--- a/src/main/java/org/olat/portfolio/manager/EPNotificationsHandler.java
+++ b/src/main/java/org/olat/portfolio/manager/EPNotificationsHandler.java
@@ -27,6 +27,7 @@ import java.util.Locale;
import org.olat.core.CoreSpringFactory;
import org.olat.core.logging.OLog;
import org.olat.core.logging.Tracing;
+import org.olat.core.util.StringHelper;
import org.olat.core.util.notifications.NotificationsHandler;
import org.olat.core.util.notifications.NotificationsManager;
import org.olat.core.util.notifications.Publisher;
@@ -125,9 +126,10 @@ public class EPNotificationsHandler implements NotificationsHandler {
private TitleItem getTitleItemForMap(EPMapShort amap) {
StringBuilder sbTitle = new StringBuilder();
if (amap != null) {
- sbTitle.append(amap.getTitle());
+ sbTitle.append(StringHelper.escapeHtml(amap.getTitle()));
EPFrontendManager epMgr = CoreSpringFactory.getImpl(EPFrontendManager.class);
- sbTitle.append(" (").append(epMgr.getFirstOwnerAsString(amap)).append(")");
+ String firstOwner = epMgr.getFirstOwnerAsString(amap);
+ sbTitle.append(" (").append(StringHelper.escapeHtml(firstOwner)).append(")");
}
return new TitleItem(sbTitle.toString(), "o_EPStructuredMapTemplate_icon");
}
diff --git a/src/main/java/org/olat/portfolio/ui/EPMapRunController.java b/src/main/java/org/olat/portfolio/ui/EPMapRunController.java
index 26abc5782d4..3f888ed4018 100755
--- a/src/main/java/org/olat/portfolio/ui/EPMapRunController.java
+++ b/src/main/java/org/olat/portfolio/ui/EPMapRunController.java
@@ -97,10 +97,10 @@ public class EPMapRunController extends BasicController implements Activateable2
this.create = create;
this.option = option;
this.choosenOwner = choosenOwner;
- ePFMgr = (EPFrontendManager) CoreSpringFactory.getBean("epFrontendManager");
+ ePFMgr = CoreSpringFactory.getImpl(EPFrontendManager.class);
Component viewComp = new Panel("empty");
- PortfolioModule portfolioModule = (PortfolioModule)CoreSpringFactory.getBean("portfolioModule");
+ PortfolioModule portfolioModule = CoreSpringFactory.getImpl(PortfolioModule.class);
if (portfolioModule.isEnabled()){
init(ureq);
viewComp = vC;
@@ -116,7 +116,7 @@ public class EPMapRunController extends BasicController implements Activateable2
createMapLink.setElementCssClass("o_sel_create_map");
}
- String documentType = null;
+ String documentType;
switch(option) {
case MY_DEFAULTS_MAPS:
documentType = "type.d*." + EPDefaultMap.class.getSimpleName();
@@ -124,6 +124,9 @@ public class EPMapRunController extends BasicController implements Activateable2
case MY_EXERCISES_MAPS:
documentType = "type.*." + EPStructuredMap.class.getSimpleName();
break;
+ default:
+ documentType = null;
+ break;
}
if(documentType != null) {
diff --git a/src/main/java/org/olat/portfolio/ui/EPViewModeController.java b/src/main/java/org/olat/portfolio/ui/EPViewModeController.java
index 07bebc96adb..f2e8b485f7d 100644
--- a/src/main/java/org/olat/portfolio/ui/EPViewModeController.java
+++ b/src/main/java/org/olat/portfolio/ui/EPViewModeController.java
@@ -76,7 +76,6 @@ public class EPViewModeController extends FormBasicController {
/**
* @see org.olat.core.gui.components.form.flexible.impl.FormBasicController#initForm(org.olat.core.gui.components.form.flexible.FormItemContainer, org.olat.core.gui.control.Controller, org.olat.core.gui.UserRequest)
*/
- @SuppressWarnings("unused")
@Override
protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
String[] theKeys = new String[]{VIEWMODE_TABLE, VIEWMODE_DETAILS};
@@ -92,7 +91,6 @@ public class EPViewModeController extends FormBasicController {
/**
* @see org.olat.core.gui.components.form.flexible.impl.FormBasicController#formInnerEvent(org.olat.core.gui.UserRequest, org.olat.core.gui.components.form.flexible.FormItem, org.olat.core.gui.components.form.flexible.impl.FormEvent)
*/
- @SuppressWarnings("unused")
@Override
protected void formInnerEvent(UserRequest ureq, FormItem source, FormEvent event) {
if (source == viewRadio){
@@ -108,7 +106,6 @@ public class EPViewModeController extends FormBasicController {
/**
* @see org.olat.core.gui.components.form.flexible.impl.FormBasicController#formOK(org.olat.core.gui.UserRequest)
*/
- @SuppressWarnings("unused")
@Override
protected void formOK(UserRequest ureq) {
// nothing to persist, see formInnerEvent
diff --git a/src/main/java/org/olat/portfolio/ui/PortfolioAdminController.java b/src/main/java/org/olat/portfolio/ui/PortfolioAdminController.java
index e0d2dede6cb..8090ecd8ddc 100644
--- a/src/main/java/org/olat/portfolio/ui/PortfolioAdminController.java
+++ b/src/main/java/org/olat/portfolio/ui/PortfolioAdminController.java
@@ -71,7 +71,7 @@ public class PortfolioAdminController extends FormBasicController {
}
@Override
- protected void initForm(FormItemContainer formLayout, Controller listener, @SuppressWarnings("unused") UserRequest ureq) {
+ protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
if(formLayout instanceof FormLayoutContainer) {
FormLayoutContainer layoutContainer = (FormLayoutContainer)formLayout;
@@ -119,7 +119,6 @@ public class PortfolioAdminController extends FormBasicController {
//auto-disposed
}
- @SuppressWarnings("unused")
@Override
protected void formOK(UserRequest ureq) {
//
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/ArtefactWizzardStepsController.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/ArtefactWizzardStepsController.java
index 586bd4a1d2e..22ac1d368aa 100755
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/ArtefactWizzardStepsController.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/ArtefactWizzardStepsController.java
@@ -182,7 +182,6 @@ public class ArtefactWizzardStepsController extends BasicController {
}
@Override
- @SuppressWarnings("unused")
protected void event(UserRequest ureq, Component source, Event event) {
if (source == addLink) {
// someone triggered the 'add to my portfolio' workflow by its link
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/CmdAddToEPortfolioImpl.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/CmdAddToEPortfolioImpl.java
index ca1bd3631a8..95ce12bbddf 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/CmdAddToEPortfolioImpl.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/CmdAddToEPortfolioImpl.java
@@ -117,7 +117,6 @@ public class CmdAddToEPortfolioImpl extends BasicController implements CmdAddToE
* org.olat.core.gui.components.Component,
* org.olat.core.gui.control.Event)
*/
- @SuppressWarnings("unused")
@Override
protected void event(UserRequest ureq, Component source, Event event) {
// none
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPAddArtefactController.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPAddArtefactController.java
index 18db1787783..1c0f844809c 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPAddArtefactController.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPAddArtefactController.java
@@ -61,7 +61,6 @@ public class EPAddArtefactController extends BasicController {
private Link uploadBtn;
private Link liveBlogBtn;
- private Link importBtn; // not yet available, for v2 when import/export exists
private EPFrontendManager ePFMgr;
private VelocityContainer addPage = null;
private Link textBtn;
@@ -102,8 +101,6 @@ public class EPAddArtefactController extends BasicController {
liveBlogBtn.setCustomDisplayText(translate("add.artefact.blog"));
liveBlogBtn.setElementCssClass("o_sel_add_liveblog_artfeact");
}
-
- importBtn = LinkFactory.createLink("add.artefact.import", addPage, this); // not yet available, for v2 when import/export exists
}
private void initAddLinkPopup(UserRequest ureq) {
@@ -138,7 +135,7 @@ public class EPAddArtefactController extends BasicController {
* org.olat.core.gui.control.Event)
*/
@Override
- protected void event(UserRequest ureq, Component source, @SuppressWarnings("unused") Event event) {
+ protected void event(UserRequest ureq, Component source, Event event) {
if (source == addBtn) {
if (calloutCtr==null){
initAddLinkPopup(ureq);
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPArtefactWizzardStepCallback.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPArtefactWizzardStepCallback.java
index 52a71ef08d5..8de3e651c41 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPArtefactWizzardStepCallback.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPArtefactWizzardStepCallback.java
@@ -71,7 +71,6 @@ public class EPArtefactWizzardStepCallback implements StepRunnerCallback {
* org.olat.core.gui.control.generic.wizard.StepsRunContext)
*/
@Override
- @SuppressWarnings("unused")
public Step execute(UserRequest ureq2, WindowControl wControl, StepsRunContext runContext) {
boolean hasChanges = false;
if (runContext.containsKey("artefact")) {
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStep01.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStep01.java
index 60cf573514f..cab15f33990 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStep01.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStep01.java
@@ -27,7 +27,6 @@ package org.olat.portfolio.ui.artefacts.collect;
import org.olat.core.CoreSpringFactory;
import org.olat.core.gui.UserRequest;
import org.olat.core.gui.components.form.flexible.impl.Form;
-import org.olat.core.gui.components.form.flexible.impl.FormBasicController;
import org.olat.core.gui.control.WindowControl;
import org.olat.core.gui.control.generic.wizard.BasicStep;
import org.olat.core.gui.control.generic.wizard.PrevNextFinishConfig;
@@ -38,7 +37,7 @@ import org.olat.portfolio.model.artefacts.AbstractArtefact;
/**
* Description:<br>
- * TODO: rhaag Class Description for EPCollectStep01
+ * Step which collects the tags. Presents a list of the 50 most used tags
*
* <P>
* Initial Date: 27.07.2010 <br>
@@ -78,8 +77,7 @@ public class EPCollectStep01 extends BasicStep {
*/
@Override
public StepFormController getStepController(UserRequest ureq, WindowControl windowControl, StepsRunContext stepsRunContext, Form form) {
- StepFormController stepI = new EPCollectStepForm01(ureq, windowControl, form, stepsRunContext, FormBasicController.LAYOUT_DEFAULT, null, artefact);
+ StepFormController stepI = new EPCollectStepForm01(ureq, windowControl, form, stepsRunContext, artefact);
return stepI;
}
-
}
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm00.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm00.java
index cdfda6e2b7d..c6024ecea3b 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm00.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm00.java
@@ -80,7 +80,7 @@ public class EPCollectStepForm00 extends StepFormBasicController {
}
@Override
- protected void initForm(FormItemContainer formLayout, @SuppressWarnings("unused") Controller listener, UserRequest ureq) {
+ protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
title = uifactory.addTextElement("title", "artefact.title", 500, artefact.getTitle(), formLayout);
title.setMandatory(true);
title.setNotEmptyCheck("artefact.title.not.empty");
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm01.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm01.java
index 350683cada0..0fb0534265c 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm01.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm01.java
@@ -44,6 +44,7 @@ import org.olat.core.gui.control.generic.wizard.StepsEvent;
import org.olat.core.gui.control.generic.wizard.StepsRunContext;
import org.olat.core.logging.OLog;
import org.olat.core.logging.Tracing;
+import org.olat.core.util.StringHelper;
import org.olat.portfolio.manager.EPFrontendManager;
import org.olat.portfolio.model.artefacts.AbstractArtefact;
@@ -67,10 +68,9 @@ public class EPCollectStepForm01 extends StepFormBasicController {
private static OLog logger = Tracing.createLoggerFor(EPCollectStepForm01.class);
- public EPCollectStepForm01(UserRequest ureq, WindowControl wControl, Form rootForm, StepsRunContext runContext, int layout,
- String customLayoutPageName, AbstractArtefact artefact) {
+ public EPCollectStepForm01(UserRequest ureq, WindowControl wControl, Form rootForm, StepsRunContext runContext, AbstractArtefact artefact) {
super(ureq, wControl, rootForm, runContext, FormBasicController.LAYOUT_CUSTOM, "step01tagging");
- ePFMgr = (EPFrontendManager) CoreSpringFactory.getBean("epFrontendManager");
+ ePFMgr = CoreSpringFactory.getImpl(EPFrontendManager.class);
this.artefact = artefact;
initForm(this.flc, this, ureq);
@@ -93,7 +93,7 @@ public class EPCollectStepForm01 extends StepFormBasicController {
int i = 0;
for (Iterator<Entry<String, String>> iterator = allUsersTags.entrySet().iterator(); iterator.hasNext();) {
Entry<String, String> entry = iterator.next();
- String tag = entry.getKey();
+ String tag = StringHelper.escapeHtml(entry.getKey());
FormLink tagLink = uifactory.addFormLink("tagU" + i, tag, null, formLayout, Link.NONTRANSLATED);
tagLink.setUserObject(entry.getValue());
userTagLinks.add(tagLink);
@@ -147,8 +147,7 @@ public class EPCollectStepForm01 extends StepFormBasicController {
* org.olat.core.gui.components.form.flexible.impl.FormEvent)
*/
@Override
- protected void formInnerEvent(UserRequest ureq, FormItem source, FormEvent event) {
-
+ protected void formInnerEvent(UserRequest ureq, FormItem source, FormEvent event) {
if (source == tagListElement) {
// nothing to do here, update dataModel on FormOK
} else if (source instanceof FormLink) {
@@ -160,10 +159,12 @@ public class EPCollectStepForm01 extends StepFormBasicController {
if (link.getName().startsWith("tag")) {
List<String> currentTagsInComponent = tagListElement.getValueList();
String newTagFromLink = (String) link.getUserObject();
+ newTagFromLink = StringHelper.escapeHtml(newTagFromLink);
+ newTagFromLink = StringHelper.escapeJavaScript(newTagFromLink);
currentTagsInComponent.add(newTagFromLink);
addToRunContext(RUNCTX_TAGLIST_KEY, currentTagsInComponent);
// refresh gui
- this.flc.setDirty(true);
+ flc.setDirty(true);
initForm(ureq);
}
}
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm02.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm02.java
index c1be76c2918..d7e448c25f6 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm02.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm02.java
@@ -58,7 +58,6 @@ public class EPCollectStepForm02 extends StepFormBasicController {
* org.olat.core.gui.control.Controller, org.olat.core.gui.UserRequest)
*/
@Override
- @SuppressWarnings("unused")
protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
setFormDescription("copyright.intro.text");
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm03.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm03.java
index 0c5a6e73061..251c44f9707 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm03.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCollectStepForm03.java
@@ -128,7 +128,6 @@ public class EPCollectStepForm03 extends StepFormBasicController {
* org.olat.core.gui.control.Controller, org.olat.core.gui.UserRequest)
*/
@Override
- @SuppressWarnings("unused")
protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
setFormDescription("step3.short.descr");
setFormContextHelp("org.olat.portfolio.ui.artefacts.collect", "reflexion.html", "step3.chelp.hover");
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCreateFileArtefactStepForm00.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCreateFileArtefactStepForm00.java
index a91d27ddd05..39a60714a10 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCreateFileArtefactStepForm00.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCreateFileArtefactStepForm00.java
@@ -76,7 +76,6 @@ public class EPCreateFileArtefactStepForm00 extends StepFormBasicController {
* @see org.olat.core.gui.control.generic.wizard.StepFormBasicController#initForm(org.olat.core.gui.components.form.flexible.FormItemContainer,
* org.olat.core.gui.control.Controller, org.olat.core.gui.UserRequest)
*/
- @SuppressWarnings("unused")
@Override
protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
setFormDescription("step0.file.short.descr");
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCreateTextArtefactStepForm00.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCreateTextArtefactStepForm00.java
index 9ad9d8f0a73..42a012b4619 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCreateTextArtefactStepForm00.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPCreateTextArtefactStepForm00.java
@@ -86,7 +86,7 @@ public class EPCreateTextArtefactStepForm00 extends StepFormBasicController {
}
@Override
- protected void initForm(FormItemContainer formLayout, @SuppressWarnings("unused") Controller listener, UserRequest ureq) {
+ protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
VFSItem contFile = vfsTemp.resolve(EPArtefactManager.ARTEFACT_CONTENT_FILENAME);
if (contFile == null) {
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPReflexionChangeEvent.java b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPReflexionChangeEvent.java
index efce49ceeff..e2b00c7b135 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPReflexionChangeEvent.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/collect/EPReflexionChangeEvent.java
@@ -31,7 +31,8 @@ import org.olat.portfolio.model.artefacts.AbstractArtefact;
* @author Roman Haag, roman.haag@frentix.com, http://www.frentix.com
*/
public class EPReflexionChangeEvent extends Event {
-
+
+ private static final long serialVersionUID = -2751202942774501947L;
private String refContent;
private AbstractArtefact refArtefact;
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/ArtefactTypeImageCellRenderer.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/ArtefactTypeImageCellRenderer.java
index 5f23ae78271..772af4ce7e9 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/ArtefactTypeImageCellRenderer.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/ArtefactTypeImageCellRenderer.java
@@ -45,7 +45,6 @@ public class ArtefactTypeImageCellRenderer implements CustomCellRenderer {
/**
* @see org.olat.core.gui.components.table.CustomCellRenderer#render(org.olat.core.gui.render.StringOutput, org.olat.core.gui.render.Renderer, java.lang.Object, java.util.Locale, int, java.lang.String)
*/
- @SuppressWarnings("unused")
@Override
public void render(StringOutput sb, Renderer renderer, Object val, Locale locale, int alignment, String action) {
if (val instanceof AbstractArtefact){
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactAttributeSettingController.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactAttributeSettingController.java
index a8238ad0739..fac8e30b4b1 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactAttributeSettingController.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactAttributeSettingController.java
@@ -58,7 +58,6 @@ public class EPArtefactAttributeSettingController extends FormBasicController {
}
@Override
- @SuppressWarnings("unused")
protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
setFormDescription("display.option.intro");
@@ -83,7 +82,6 @@ public class EPArtefactAttributeSettingController extends FormBasicController {
* org.olat.core.gui.components.form.flexible.impl.FormEvent)
*/
@Override
- @SuppressWarnings("unused")
protected void formInnerEvent(UserRequest ureq, FormItem source, FormEvent event) {
if (source instanceof MultipleSelectionElement){
MultipleSelectionElement chkBox = (MultipleSelectionElement) source;
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactChoosenEvent.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactChoosenEvent.java
index 80f52fa9573..630b23d25b7 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactChoosenEvent.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactChoosenEvent.java
@@ -32,6 +32,7 @@ import org.olat.portfolio.model.artefacts.AbstractArtefact;
*/
public class EPArtefactChoosenEvent extends Event {
+ private static final long serialVersionUID = 3621326017804909627L;
private AbstractArtefact artefact;
public EPArtefactChoosenEvent(AbstractArtefact artefact) {
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactDeletedEvent.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactDeletedEvent.java
index 26c2a96362f..03146f17480 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactDeletedEvent.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactDeletedEvent.java
@@ -37,6 +37,7 @@ import org.olat.portfolio.model.artefacts.AbstractArtefact;
*/
public class EPArtefactDeletedEvent extends Event {
+ private static final long serialVersionUID = -3990634156779087562L;
public static final String ARTEFACT_DELETED = "artefactDeleted";
private final Long oldArtefactKey;
private final AbstractArtefact artefact;
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactViewController.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactViewController.java
index 842633d7cd0..ee7cb21640e 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactViewController.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactViewController.java
@@ -239,15 +239,23 @@ public class EPArtefactViewController extends FormBasicController {
// create edit buttons the adapt meta-data
if (!(viewOnlyMode || artefactChooseMode || artefactInClosedMap)){
- String reflexion = FilterFactory.getHtmlTagAndDescapingFilter().filter(artefact.getReflexion());
+ String reflexion = artefact.getReflexion();
+ reflexion = FilterFactory.getHtmlTagAndDescapingFilter().filter(reflexion);
+ reflexion = StringHelper.xssScan(reflexion);
reflexion = Formatter.truncate(reflexion, 50);
- if (reflexion == null || !StringHelper.containsNonWhitespace(reflexion)) reflexion = " "; // show a link even if empty
+ if (!StringHelper.containsNonWhitespace(reflexion)) {
+ reflexion = " "; // show a link even if empty
+ }
reflexionBtn = uifactory.addFormLink("reflexionBtn", reflexion, null, formLayout, Link.NONTRANSLATED);
reflexionBtn.setCustomEnabledLinkCSS("b_inline_editable b_ep_nolink");
- String description = FilterFactory.getHtmlTagAndDescapingFilter().filter(artefact.getDescription());
+ String description = artefact.getDescription();
+ description = FilterFactory.getHtmlTagAndDescapingFilter().filter(description);
description = Formatter.truncate(description, 50);
- if (description == null || !StringHelper.containsNonWhitespace(description)) description = " "; // show a link even if empty
+ description = StringHelper.xssScan(description);
+ if (!StringHelper.containsNonWhitespace(description)) {
+ description = " "; // show a link even if empty
+ }
descriptionBtn = uifactory.addFormLink("descriptionBtn", description, null, formLayout, Link.NONTRANSLATED);
descriptionBtn.setCustomEnabledLinkCSS("b_inline_editable b_ep_nolink");
}
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactViewReadOnlyController.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactViewReadOnlyController.java
index 232c81b2faf..c52283c5160 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactViewReadOnlyController.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPArtefactViewReadOnlyController.java
@@ -32,7 +32,6 @@ import org.olat.core.gui.control.WindowControl;
import org.olat.core.gui.control.controller.BasicController;
import org.olat.core.gui.control.generic.closablewrapper.CloseableModalController;
import org.olat.core.id.Identity;
-import org.olat.core.id.UserConstants;
import org.olat.core.util.Formatter;
import org.olat.core.util.StringHelper;
import org.olat.core.util.filter.FilterFactory;
@@ -40,7 +39,7 @@ import org.olat.portfolio.EPSecurityCallback;
import org.olat.portfolio.EPUIFactory;
import org.olat.portfolio.manager.EPFrontendManager;
import org.olat.portfolio.model.artefacts.AbstractArtefact;
-import org.olat.portfolio.model.structel.PortfolioStructure;
+import org.olat.user.UserManager;
/**
* Description:<br>
@@ -57,25 +56,25 @@ public class EPArtefactViewReadOnlyController extends BasicController {
private AbstractArtefact artefact;
private EPSecurityCallback secCallback;
- protected EPArtefactViewReadOnlyController(UserRequest ureq, WindowControl wControl, AbstractArtefact artefact, EPSecurityCallback secCallback, PortfolioStructure struct) {
+ protected EPArtefactViewReadOnlyController(UserRequest ureq, WindowControl wControl, AbstractArtefact artefact, EPSecurityCallback secCallback) {
super(ureq, wControl);
this.artefact = artefact;
this.secCallback = secCallback;
vC = createVelocityContainer("smallSingleArtefact");
vC.contextPut("artefact", artefact);
Identity artIdent = artefact.getAuthor();
- String fullName = artIdent.getUser().getProperty(UserConstants.FIRSTNAME, null)+" "+artIdent.getUser().getProperty(UserConstants.LASTNAME, null);
-
+ String fullName = CoreSpringFactory.getImpl(UserManager.class).getUserDisplayName(artIdent);
String description = FilterFactory.getHtmlTagAndDescapingFilter().filter(artefact.getDescription());
+ description = StringHelper.xssScan(description);
description = Formatter.truncate(description, 50);
vC.contextPut("description", description);
- vC.contextPut("authorName", fullName);
+ vC.contextPut("authorName", StringHelper.escapeHtml(fullName));
if (secCallback.canView()){
detailsLink = LinkFactory.createCustomLink("small.details.link", "open", "small.details.link", Link.LINK, vC, this);
detailsLink.setElementCssClass("o_sel_artefact_details");
}
- ePFMgr = (EPFrontendManager) CoreSpringFactory.getBean("epFrontendManager");
+ ePFMgr = CoreSpringFactory.getImpl(EPFrontendManager.class);
List<String> tags = ePFMgr.getArtefactTags(artefact);
vC.contextPut("tags", StringHelper.formatAsCSVString(tags));
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPMultipleArtefactPreviewController.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPMultipleArtefactPreviewController.java
index d65cc7e98e9..8e395b13660 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPMultipleArtefactPreviewController.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPMultipleArtefactPreviewController.java
@@ -180,7 +180,6 @@ public class EPMultipleArtefactPreviewController extends BasicController impleme
* org.olat.core.gui.control.Event)
*/
@Override
- @SuppressWarnings("unused")
protected void event(UserRequest ureq, Component source, Event event) {
if (source == artAttribBtn) {
if (artAttribCalloutCtr == null){
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPMultipleArtefactSmallReadOnlyPreviewController.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPMultipleArtefactSmallReadOnlyPreviewController.java
index e3a98f3ddaf..f42fd9da98e 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPMultipleArtefactSmallReadOnlyPreviewController.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPMultipleArtefactSmallReadOnlyPreviewController.java
@@ -88,7 +88,7 @@ public class EPMultipleArtefactSmallReadOnlyPreviewController extends BasicContr
if (special) {
artCtrl = artHandler.getSpecialMapViewController(ureq, getWindowControl(), artefact);
} else {
- artCtrl = new EPArtefactViewReadOnlyController(ureq, getWindowControl(), artefact, secCallback, struct);
+ artCtrl = new EPArtefactViewReadOnlyController(ureq, getWindowControl(), artefact, secCallback);
}
if (artCtrl != null){
artefactCtrls.add(artCtrl);
@@ -169,7 +169,6 @@ public class EPMultipleArtefactSmallReadOnlyPreviewController extends BasicContr
/**
* @see org.olat.core.gui.control.DefaultController#event(org.olat.core.gui.UserRequest, org.olat.core.gui.components.Component, org.olat.core.gui.control.Event)
*/
- @SuppressWarnings("unused")
@Override
protected void event(UserRequest ureq, Component source, Event event) {
// no events to handle yet
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPReflexionViewController.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPReflexionViewController.java
index 343e55b6fe6..41712d291a4 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPReflexionViewController.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPReflexionViewController.java
@@ -67,7 +67,6 @@ public class EPReflexionViewController extends FormBasicController {
* org.olat.core.gui.control.Controller, org.olat.core.gui.UserRequest)
*/
@Override
- @SuppressWarnings("unused")
protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
setFormDescription("artefact.reflexion.view.descr");
@@ -97,7 +96,6 @@ public class EPReflexionViewController extends FormBasicController {
* @see org.olat.core.gui.control.generic.wizard.StepFormBasicController#formOK(org.olat.core.gui.UserRequest)
*/
@Override
- @SuppressWarnings("unused")
protected void formOK(UserRequest ureq) {
//do nothing
}
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPTagBrowseController.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPTagBrowseController.java
index 5a8e7d17b6f..0f18ffb6bdb 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPTagBrowseController.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPTagBrowseController.java
@@ -101,7 +101,6 @@ public class EPTagBrowseController extends BasicController {
* org.olat.core.gui.components.Component,
* org.olat.core.gui.control.Event)
*/
- @SuppressWarnings("unused")
@Override
protected void event(UserRequest ureq, Component source, Event event) {
// nothing
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPTagBrowseEvent.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPTagBrowseEvent.java
index 5f84d7e68e0..4a35c3ff8c6 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/EPTagBrowseEvent.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/EPTagBrowseEvent.java
@@ -33,7 +33,8 @@ import org.olat.portfolio.model.artefacts.AbstractArtefact;
* @author Roman Haag, roman.haag@frentix.com, http://www.frentix.com
*/
public class EPTagBrowseEvent extends Event {
-
+
+ private static final long serialVersionUID = -6127870154016020474L;
private final List<AbstractArtefact> artefacts;
public EPTagBrowseEvent(List<AbstractArtefact> artefacts) {
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/_content/smallSingleArtefact.html b/src/main/java/org/olat/portfolio/ui/artefacts/view/_content/smallSingleArtefact.html
index 53a799f95c3..eb2b904dd4d 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/_content/smallSingleArtefact.html
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/_content/smallSingleArtefact.html
@@ -1,5 +1,5 @@
-<div >
- <h4 class="b_with_small_icon_left $artefact.getIcon()">$!artefact.getTitle()</h4>
+<div>
+ <h4 class="b_with_small_icon_left $artefact.getIcon()">$r.escapeHtml($!artefact.getTitle())</h4>
#if($description)
<div class="b_desc">
$description
diff --git a/src/main/java/org/olat/portfolio/ui/artefacts/view/details/TextArtefactDetailsController.java b/src/main/java/org/olat/portfolio/ui/artefacts/view/details/TextArtefactDetailsController.java
index f025af2b27c..8b0611ebc41 100644
--- a/src/main/java/org/olat/portfolio/ui/artefacts/view/details/TextArtefactDetailsController.java
+++ b/src/main/java/org/olat/portfolio/ui/artefacts/view/details/TextArtefactDetailsController.java
@@ -31,6 +31,7 @@ import org.olat.core.gui.control.WindowControl;
import org.olat.core.gui.control.controller.BasicController;
import org.olat.core.gui.control.generic.closablewrapper.CloseableCalloutWindowController;
import org.olat.core.util.Formatter;
+import org.olat.core.util.StringHelper;
import org.olat.core.util.filter.Filter;
import org.olat.core.util.filter.FilterFactory;
import org.olat.core.util.vfs.VFSContainer;
@@ -75,6 +76,7 @@ public class TextArtefactDetailsController extends BasicController {
if (!readOnlyMode) {
// prepare an edit link
String fulltext = FilterFactory.getHtmlTagAndDescapingFilter().filter(artFulltextContent);
+ fulltext = StringHelper.xssScan(fulltext);
fulltext = Formatter.truncate(fulltext, 50);
editBtn = LinkFactory.createCustomLink("text.edit.link", "edit", fulltext, Link.NONTRANSLATED, vC, this);
editBtn.setCustomEnabledLinkCSS("b_inline_editable b_ep_nolink");
@@ -90,14 +92,12 @@ public class TextArtefactDetailsController extends BasicController {
@Override
- @SuppressWarnings("unused")
protected void event(UserRequest ureq, Component source, Event event) {
if (source == editBtn) {
popupEditorCallout(ureq);
}
}
- @SuppressWarnings("unused")
@Override
protected void event(UserRequest ureq, Controller source, Event event) {
if (source == calloutCtrl && event.equals(CloseableCalloutWindowController.CLOSE_WINDOW_EVENT)) {
diff --git a/src/main/java/org/olat/portfolio/ui/structel/EPAddElementsController.java b/src/main/java/org/olat/portfolio/ui/structel/EPAddElementsController.java
index 9b72347340d..3a8a3f1a381 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/EPAddElementsController.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/EPAddElementsController.java
@@ -68,14 +68,13 @@ public class EPAddElementsController extends BasicController {
public static final String ADD_PAGE = "page";
public static final String ADD_STRUCTUREELEMENT = "struct";
public static final String ADD_PORTFOLIOSTRUCTURE = "map";
- private static final Set<String> typeSet = new HashSet<String>() {
- {
- add(ADD_ARTEFACT);
- add(ADD_PAGE);
- add(ADD_STRUCTUREELEMENT);
- add(ADD_PORTFOLIOSTRUCTURE);
- }
- };
+ private static final Set<String> typeSet = new HashSet<String>();
+ static {
+ typeSet.add(ADD_ARTEFACT);
+ typeSet.add(ADD_PAGE);
+ typeSet.add(ADD_STRUCTUREELEMENT);
+ typeSet.add(ADD_PORTFOLIOSTRUCTURE);
+ }
private final Map<String, Boolean> typeMap = new HashMap<String, Boolean>();
private CloseableModalController artefactBox;
private EPArtefactPoolRunController artefactPoolCtrl;
diff --git a/src/main/java/org/olat/portfolio/ui/structel/EPArtefactClicked.java b/src/main/java/org/olat/portfolio/ui/structel/EPArtefactClicked.java
index 5ee17af1028..78120156046 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/EPArtefactClicked.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/EPArtefactClicked.java
@@ -31,7 +31,8 @@ import org.olat.portfolio.model.structel.PortfolioStructure;
* @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
*/
public class EPArtefactClicked extends Event {
-
+
+ private static final long serialVersionUID = 7396012394011453648L;
private final PortfolioStructure structure;
public EPArtefactClicked(String cmd, PortfolioStructure structure) {
diff --git a/src/main/java/org/olat/portfolio/ui/structel/EPCreateMapController.java b/src/main/java/org/olat/portfolio/ui/structel/EPCreateMapController.java
index 40e31b081e4..6a0ec1bf312 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/EPCreateMapController.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/EPCreateMapController.java
@@ -59,7 +59,6 @@ public class EPCreateMapController extends FormBasicController {
* @see org.olat.core.gui.components.form.flexible.impl.FormBasicController#initForm(org.olat.core.gui.components.form.flexible.FormItemContainer,
* org.olat.core.gui.control.Controller, org.olat.core.gui.UserRequest)
*/
- @SuppressWarnings("unused")
@Override
protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
String title = "";
diff --git a/src/main/java/org/olat/portfolio/ui/structel/EPMapCreatedEvent.java b/src/main/java/org/olat/portfolio/ui/structel/EPMapCreatedEvent.java
index 9251c51d556..52ecc24604c 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/EPMapCreatedEvent.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/EPMapCreatedEvent.java
@@ -32,6 +32,8 @@ import org.olat.portfolio.model.structel.PortfolioStructureMap;
*/
public class EPMapCreatedEvent extends EPMapEvent {
+ private static final long serialVersionUID = -3783757567973482399L;
+
public EPMapCreatedEvent(PortfolioStructureMap resMap) {
super("EPMapCreated", resMap);
}
diff --git a/src/main/java/org/olat/portfolio/ui/structel/EPMapEvent.java b/src/main/java/org/olat/portfolio/ui/structel/EPMapEvent.java
index 0429e7c2bb6..7ffafdf270e 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/EPMapEvent.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/EPMapEvent.java
@@ -32,6 +32,8 @@ import org.olat.portfolio.model.structel.PortfolioStructureMap;
*/
public class EPMapEvent extends EPStructureEvent {
+ private static final long serialVersionUID = -4106964526869394707L;
+
public EPMapEvent(String command, PortfolioStructureMap map) {
super(command, map);
}
diff --git a/src/main/java/org/olat/portfolio/ui/structel/EPMapViewController.java b/src/main/java/org/olat/portfolio/ui/structel/EPMapViewController.java
index 8d90d77cc3c..50f44af2b56 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/EPMapViewController.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/EPMapViewController.java
@@ -40,6 +40,7 @@ import org.olat.core.id.OLATResourceable;
import org.olat.core.id.context.ContextEntry;
import org.olat.core.id.context.StateEntry;
import org.olat.core.logging.activity.ThreadLocalUserActivityLogger;
+import org.olat.core.util.StringHelper;
import org.olat.core.util.coordinate.CoordinatorManager;
import org.olat.core.util.coordinate.LockResult;
import org.olat.course.CourseFactory;
@@ -159,7 +160,7 @@ public class EPMapViewController extends BasicController implements Activateable
EPTargetResource resource = ((EPStructuredMap)map).getTargetResource();
RepositoryEntry repoEntry = RepositoryManager.getInstance().lookupRepositoryEntry(resource.getOLATResourceable(), false);
if(repoEntry != null) {
- mainVc.contextPut("courseName", repoEntry.getDisplayname());
+ mainVc.contextPut("courseName", StringHelper.escapeHtml(repoEntry.getDisplayname()));
String url = Settings.getServerContextPathURI();
url += "/url/RepositoryEntry/" + repoEntry.getKey() + "/CourseNode/" + resource.getSubPath();
mainVc.contextPut("courseLink", url);
diff --git a/src/main/java/org/olat/portfolio/ui/structel/EPMultiplePageController.java b/src/main/java/org/olat/portfolio/ui/structel/EPMultiplePageController.java
index 2a8b1948172..e4339cc7555 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/EPMultiplePageController.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/EPMultiplePageController.java
@@ -79,7 +79,7 @@ public class EPMultiplePageController extends BasicController implements Activat
this.pageList = pageList;
this.pageListByKeys = new ArrayList<Long>(pageList.size());
this.secCallback = secCallback;
- ePFMgr = (EPFrontendManager) CoreSpringFactory.getBean("epFrontendManager");
+ ePFMgr = CoreSpringFactory.getImpl(EPFrontendManager.class);
vC = createVelocityContainer("multiPages");
@@ -111,10 +111,10 @@ public class EPMultiplePageController extends BasicController implements Activat
changelogLink.setUserObject(PAGENUM_CL);
int i = 1;
- ArrayList<Link> pageLinkList = new ArrayList<Link>();
+ List<Link> pageLinkList = new ArrayList<Link>();
for (PortfolioStructure page : pageList) {
pageListByKeys.add(page.getKey());
- String pageTitle =StringHelper.escapeHtml(((EPPage) page).getTitle());
+ String pageTitle =StringHelper.escapeHtml(page.getTitle());
String shortPageTitle = Formatter.truncate(pageTitle, 20);
Link pageLink = LinkFactory
.createCustomLink("pageLink" + i, "pageLink" + i, shortPageTitle, Link.LINK + Link.NONTRANSLATED, vC, this);
@@ -267,7 +267,7 @@ public class EPMultiplePageController extends BasicController implements Activat
}
@Override
- protected void event(UserRequest ureq, Component source, @SuppressWarnings("unused") Event event) {
+ protected void event(UserRequest ureq, Component source, Event event) {
if (source instanceof Link) {
Link link = (Link) source;
int pageNum = PAGENUM_TOC;
diff --git a/src/main/java/org/olat/portfolio/ui/structel/EPPageViewController.java b/src/main/java/org/olat/portfolio/ui/structel/EPPageViewController.java
index 7eee1c06593..9d48ff18211 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/EPPageViewController.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/EPPageViewController.java
@@ -68,7 +68,7 @@ public class EPPageViewController extends BasicController {
this.page = page;
this.secCallback = secCallback;
- ePFMgr = (EPFrontendManager) CoreSpringFactory.getBean("epFrontendManager");
+ ePFMgr = CoreSpringFactory.getImpl(EPFrontendManager.class);
commentAndRatingService = (CommentAndRatingService) CoreSpringFactory.getBean(CommentAndRatingService.class);
commentAndRatingService.init(getIdentity(), map.getOlatResource(), page.getKey().toString(), false, ureq.getUserSession().getRoles().isGuestOnly());
@@ -166,8 +166,6 @@ public class EPPageViewController extends BasicController {
//
}
-
- @SuppressWarnings("unused")
@Override
protected void event(UserRequest ureq, Component source, Event event) {
//
diff --git a/src/main/java/org/olat/portfolio/ui/structel/EPStructureChangeEvent.java b/src/main/java/org/olat/portfolio/ui/structel/EPStructureChangeEvent.java
index 74e43a2318c..3afccc76529 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/EPStructureChangeEvent.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/EPStructureChangeEvent.java
@@ -31,6 +31,8 @@ import org.olat.portfolio.model.structel.PortfolioStructure;
* @author Roman Haag, roman.haag@frentix.com, http://www.frentix.com
*/
public class EPStructureChangeEvent extends Event {
+
+ private static final long serialVersionUID = -7091171722782650074L;
private PortfolioStructure portfolioStructure;
diff --git a/src/main/java/org/olat/portfolio/ui/structel/EPStructureElementsController.java b/src/main/java/org/olat/portfolio/ui/structel/EPStructureElementsController.java
index b23425144f1..777c5828b5b 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/EPStructureElementsController.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/EPStructureElementsController.java
@@ -158,7 +158,6 @@ public class EPStructureElementsController extends BasicController {
}
}
- @SuppressWarnings("unused")
@Override
protected void event(UserRequest ureq, Component source, Event event) {
//
diff --git a/src/main/java/org/olat/portfolio/ui/structel/EPStructureEvent.java b/src/main/java/org/olat/portfolio/ui/structel/EPStructureEvent.java
index 2c563122b44..3ff55270e60 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/EPStructureEvent.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/EPStructureEvent.java
@@ -32,7 +32,8 @@ import org.olat.portfolio.model.structel.PortfolioStructure;
* @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
*/
public class EPStructureEvent extends Event {
-
+
+ private static final long serialVersionUID = 1732568799650825946L;
public static final String SELECT = "select";
public static final String SELECT_WITH_COMMENTS = "selectWithComments";
public static final String CLOSE = "close";
diff --git a/src/main/java/org/olat/portfolio/ui/structel/_content/mapview.html b/src/main/java/org/olat/portfolio/ui/structel/_content/mapview.html
index c6b09a2fcb0..b429d0591a4 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/_content/mapview.html
+++ b/src/main/java/org/olat/portfolio/ui/structel/_content/mapview.html
@@ -25,7 +25,7 @@
#end
<br/>
</div>
- <h4>$map.title</h4>
+ <h4>$r.escapeHtml($map.title)</h4>
<div style="clear: right;"></div>
#if(!$r.available("editor"))
diff --git a/src/main/java/org/olat/portfolio/ui/structel/_content/multiMaps.html b/src/main/java/org/olat/portfolio/ui/structel/_content/multiMaps.html
index ce6c7d52f90..6d4665214b6 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/_content/multiMaps.html
+++ b/src/main/java/org/olat/portfolio/ui/structel/_content/multiMaps.html
@@ -22,10 +22,10 @@
#set($index = ($velocityCount - 1))
#if($map.getClass().getSimpleName() == "EPStructuredMapTemplate") #set($addTempStamp = "template") #end
<li class="$!mapStyles.get($index) $!addTempStamp">
- <h4>$map.title</h4>
- <div class="b_map_descr">$map.shortenedDescription</div>
+ <h4>$r.escapeHtml($map.title)</h4>
+ <div class="b_map_descr">$r.escapeHtml($map.shortenedDescription)</div>
<div class="b_map_info">
- #if ($owners.get($index)) <p>$r.translate("map.owners", $owners.get($index)) </p> #end
+ #if ($owners.get($index)) <p>$r.translate("map.owners", $r.escapeHtml($owners.get($index))) </p> #end
<p>$amounts.get($index)
#if ($deadLines.get($index)) <br/> $r.translate("map.deadline", "$r.formatDate($deadLines.get($index))") #end
#if ($restriStats.get($index)) <br/> $r.translate("map.restriction.overview", $restriStats.get($index)) #end
diff --git a/src/main/java/org/olat/portfolio/ui/structel/_content/pageView.html b/src/main/java/org/olat/portfolio/ui/structel/_content/pageView.html
index 2462102b8bc..cbdfb3ca9a7 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/_content/pageView.html
+++ b/src/main/java/org/olat/portfolio/ui/structel/_content/pageView.html
@@ -1,6 +1,6 @@
## see similarity with mapview.html
<div class="b_eportfolio_page">
- <h4>$page.title</h4>
+ <h4>$r.escapeHtml($page.title)</h4>
## <small>$page.key</small><br/>
#if($r.available("addButton"))
$r.render("addButton")
diff --git a/src/main/java/org/olat/portfolio/ui/structel/_content/structElements.html b/src/main/java/org/olat/portfolio/ui/structel/_content/structElements.html
index 3de62c432fc..53f22c12645 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/_content/structElements.html
+++ b/src/main/java/org/olat/portfolio/ui/structel/_content/structElements.html
@@ -5,7 +5,7 @@
#set($artefacts = "artefacts$velocityCount")
#set($checkResults = "checkResults$velocityCount")
<div class="b_eportfolio_structure">
- <h5>$structEl.title</h5>
+ <h5>$r.escapeHtml($structEl.title)</h5>
#if($r.available($addBtn))
$r.render($addBtn)
#end
diff --git a/src/main/java/org/olat/portfolio/ui/structel/edit/EPCollectRestrictionResultController.java b/src/main/java/org/olat/portfolio/ui/structel/edit/EPCollectRestrictionResultController.java
index 40350ecf397..f790a8d2dab 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/edit/EPCollectRestrictionResultController.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/edit/EPCollectRestrictionResultController.java
@@ -117,7 +117,6 @@ public class EPCollectRestrictionResultController extends BasicController {
}
@Override
- @SuppressWarnings("unused")
protected void event(UserRequest ureq, Component source, Event event) {
//
}
diff --git a/src/main/java/org/olat/portfolio/ui/structel/edit/EPStructureDetailsController.java b/src/main/java/org/olat/portfolio/ui/structel/edit/EPStructureDetailsController.java
index 3d183b1047a..221693bd8bd 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/edit/EPStructureDetailsController.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/edit/EPStructureDetailsController.java
@@ -111,7 +111,6 @@ public class EPStructureDetailsController extends FormBasicController {
* @see org.olat.core.gui.components.form.flexible.impl.FormBasicController#initForm(org.olat.core.gui.components.form.flexible.FormItemContainer,
* org.olat.core.gui.control.Controller, org.olat.core.gui.UserRequest)
*/
- @SuppressWarnings("unused")
@Override
protected void initForm(final FormItemContainer formLayout, final Controller listener, final UserRequest ureq) {
diff --git a/src/main/java/org/olat/portfolio/ui/structel/edit/EPStructureTreeAndDetailsEditController.java b/src/main/java/org/olat/portfolio/ui/structel/edit/EPStructureTreeAndDetailsEditController.java
index 5c2eea88b01..ad1fae82749 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/edit/EPStructureTreeAndDetailsEditController.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/edit/EPStructureTreeAndDetailsEditController.java
@@ -119,7 +119,6 @@ public class EPStructureTreeAndDetailsEditController extends FormBasicController
/**
* @see org.olat.core.gui.components.form.flexible.impl.FormBasicController#formInnerEvent(org.olat.core.gui.UserRequest, org.olat.core.gui.components.form.flexible.FormItem, org.olat.core.gui.components.form.flexible.impl.FormEvent)
*/
- @SuppressWarnings("unused")
@Override
protected void formInnerEvent(UserRequest ureq, FormItem source, FormEvent event) {
if (source == mapStyle){
@@ -159,13 +158,13 @@ public class EPStructureTreeAndDetailsEditController extends FormBasicController
protected void doDispose() {
// nothing to dispose
}
-
+
+ @Override
public FormItem getInitialFormItem() {
return flc;
}
@Override
- @SuppressWarnings("unused")
protected void formOK(UserRequest ureq) {
//
}
diff --git a/src/main/java/org/olat/portfolio/ui/structel/edit/EPTOCController.java b/src/main/java/org/olat/portfolio/ui/structel/edit/EPTOCController.java
index dc3f22c211d..96df5deac2c 100644
--- a/src/main/java/org/olat/portfolio/ui/structel/edit/EPTOCController.java
+++ b/src/main/java/org/olat/portfolio/ui/structel/edit/EPTOCController.java
@@ -201,7 +201,7 @@ public class EPTOCController extends BasicController {
if (artefactClicked != null) {
AbstractArtefact artefact = artefactClicked;
PortfolioStructure parentStruct = getArtefactParentStruct(artefactClicked);
- PortfolioStructure mergedStruct = ePFMgr.removeArtefactFromStructure(artefact, parentStruct);
+ ePFMgr.removeArtefactFromStructure(artefact, parentStruct);
// refresh the view
fireEvent(ureq, Event.CHANGED_EVENT);
} else if (structureClicked != null) {
diff --git a/src/main/java/org/olat/repository/controllers/RepositoryDetailsController.java b/src/main/java/org/olat/repository/controllers/RepositoryDetailsController.java
index b1248a5eb7d..b124894e161 100644
--- a/src/main/java/org/olat/repository/controllers/RepositoryDetailsController.java
+++ b/src/main/java/org/olat/repository/controllers/RepositoryDetailsController.java
@@ -335,7 +335,7 @@ public class RepositoryDetailsController extends BasicController implements Gene
for(IdentityShort author:authors) {
String authorName = userManager.getUserDisplayName(author);
Link authorLink = LinkFactory.createLink("author_" + counter++, main, this);
- authorLink.setCustomDisplayText(authorName);
+ authorLink.setCustomDisplayText(StringHelper.escapeHtml(authorName));
authorLink.setUserObject(author);
authorLinkNames.add(authorLink.getComponentName());
}
@@ -347,7 +347,7 @@ public class RepositoryDetailsController extends BasicController implements Gene
if(!initialAuthors.isEmpty()) {
String authorName = userManager.getUserDisplayName(initialAuthors.get(0));
Link authorLink = LinkFactory.createLink("author_" + counter++, main, this);
- authorLink.setCustomDisplayText(authorName);
+ authorLink.setCustomDisplayText(StringHelper.escapeHtml(authorName));
authorLink.setUserObject(initialAuthors.get(0));
main.contextPut("initialauthorlinkename", authorLink.getComponentName());
}
diff --git a/src/main/java/org/olat/repository/controllers/RepositoryEditDescriptionController.java b/src/main/java/org/olat/repository/controllers/RepositoryEditDescriptionController.java
index 3d9519a5fb3..fbf0e9b66cc 100644
--- a/src/main/java/org/olat/repository/controllers/RepositoryEditDescriptionController.java
+++ b/src/main/java/org/olat/repository/controllers/RepositoryEditDescriptionController.java
@@ -138,6 +138,7 @@ public class RepositoryEditDescriptionController extends FormBasicController {
if(repositoryEntry.getInitialAuthor() != null) {
initalAuthor = userManager.getUserDisplayName(initalAuthor);
}
+ initalAuthor = StringHelper.escapeHtml(initalAuthor);
uifactory.addStaticTextElement("cif.initialAuthor", initalAuthor, descCont);
// Add resource type
String typeName = null;
diff --git a/src/main/java/org/olat/resource/accesscontrol/provider/free/ui/FreeAccessController.java b/src/main/java/org/olat/resource/accesscontrol/provider/free/ui/FreeAccessController.java
index b6b9adb0266..8ffcac47240 100644
--- a/src/main/java/org/olat/resource/accesscontrol/provider/free/ui/FreeAccessController.java
+++ b/src/main/java/org/olat/resource/accesscontrol/provider/free/ui/FreeAccessController.java
@@ -76,6 +76,7 @@ public class FreeAccessController extends FormBasicController implements FormCon
String description = link.getOffer().getDescription();
if(StringHelper.containsNonWhitespace(description)) {
+ description = StringHelper.escapeHtml(description);
uifactory.addStaticTextElement("offer.description", description, formLayout);
}
diff --git a/src/main/java/org/olat/resource/accesscontrol/provider/paypal/ui/PaypalAccessController.java b/src/main/java/org/olat/resource/accesscontrol/provider/paypal/ui/PaypalAccessController.java
index 6d9751243a2..2349f0cb7a3 100644
--- a/src/main/java/org/olat/resource/accesscontrol/provider/paypal/ui/PaypalAccessController.java
+++ b/src/main/java/org/olat/resource/accesscontrol/provider/paypal/ui/PaypalAccessController.java
@@ -104,6 +104,7 @@ public class PaypalAccessController extends FormBasicController implements FormC
String description = link.getOffer().getDescription();
if(StringHelper.containsNonWhitespace(description)) {
+ description = StringHelper.escapeHtml(description);
uifactory.addStaticTextElement("offer.description", description, formLayout);
}
diff --git a/src/main/java/org/olat/resource/accesscontrol/provider/token/ui/TokenAccessController.java b/src/main/java/org/olat/resource/accesscontrol/provider/token/ui/TokenAccessController.java
index c8e1f900195..5ab15bd8dec 100644
--- a/src/main/java/org/olat/resource/accesscontrol/provider/token/ui/TokenAccessController.java
+++ b/src/main/java/org/olat/resource/accesscontrol/provider/token/ui/TokenAccessController.java
@@ -78,6 +78,7 @@ public class TokenAccessController extends FormBasicController implements FormCo
String description = link.getOffer().getDescription();
if(StringHelper.containsNonWhitespace(description)) {
+ description = StringHelper.escapeHtml(description);
uifactory.addStaticTextElement("offer.description", description, formLayout);
}
diff --git a/src/main/java/org/olat/resource/accesscontrol/ui/OrderDetailController.java b/src/main/java/org/olat/resource/accesscontrol/ui/OrderDetailController.java
index 223cc94f1a9..504c97bab6e 100644
--- a/src/main/java/org/olat/resource/accesscontrol/ui/OrderDetailController.java
+++ b/src/main/java/org/olat/resource/accesscontrol/ui/OrderDetailController.java
@@ -52,7 +52,6 @@ import org.olat.core.gui.control.WindowControl;
import org.olat.core.gui.control.generic.closablewrapper.CloseableModalController;
import org.olat.core.id.OLATResourceable;
import org.olat.core.id.User;
-import org.olat.core.id.UserConstants;
import org.olat.core.id.context.BusinessControl;
import org.olat.core.id.context.BusinessControlFactory;
import org.olat.core.util.Formatter;
@@ -66,6 +65,7 @@ import org.olat.resource.accesscontrol.model.AccessTransaction;
import org.olat.resource.accesscontrol.model.Order;
import org.olat.resource.accesscontrol.model.OrderLine;
import org.olat.resource.accesscontrol.model.OrderPart;
+import org.olat.user.UserManager;
public class OrderDetailController extends FormBasicController {
@@ -126,14 +126,16 @@ public class OrderDetailController extends FormBasicController {
OrderItemWrapper wrapper = tableModel.getObject(0);
if(wrapper.getItem().getOffer().getResource() != null) {
//resource is null if the resource has been deleted
- String linkName = wrapper.getDisplayName();
+ String linkName = StringHelper.escapeHtml(wrapper.getDisplayName());
selectResourceLink = uifactory.addFormLink("resource", linkName, translate("order.item"), mainLayout, Link.NONTRANSLATED);
selectResourceLink.setUserObject(wrapper);
}
}
+
+ UserManager userManager = CoreSpringFactory.getImpl(UserManager.class);
User user = order.getDelivery().getUser();
- String delivery = user.getProperty(UserConstants.FIRSTNAME, null) + " " + user.getProperty(UserConstants.LASTNAME, null);
+ String delivery = StringHelper.escapeHtml(userManager.getUserDisplayName(user));
uifactory.addStaticTextElement("delivery", "order.delivery", delivery, mainLayout);
if(formLayout instanceof FormLayoutContainer) {
diff --git a/src/main/java/org/olat/resource/accesscontrol/ui/_content/configuration_list.html b/src/main/java/org/olat/resource/accesscontrol/ui/_content/configuration_list.html
index ec6c4512a72..5d25ba985a3 100644
--- a/src/main/java/org/olat/resource/accesscontrol/ui/_content/configuration_list.html
+++ b/src/main/java/org/olat/resource/accesscontrol/ui/_content/configuration_list.html
@@ -22,7 +22,7 @@
#set($desc = $confController.getLink().getOffer().getDescription())
#if ($desc)
<tr class="$css b_access_desc">
- <td colspan="5">$desc</td>
+ <td colspan="5">$r.escapeHtml($desc)</td>
</tr>
#end
#end
diff --git a/src/main/java/org/olat/search/service/document/file/PdfDocument.java b/src/main/java/org/olat/search/service/document/file/PdfDocument.java
index 436baaf0dec..311b7dde3d6 100644
--- a/src/main/java/org/olat/search/service/document/file/PdfDocument.java
+++ b/src/main/java/org/olat/search/service/document/file/PdfDocument.java
@@ -98,6 +98,10 @@ public class PdfDocument extends FileDocument {
String bean = externalIndexer ? "pdfExternalIndexer" : "pdfInternalIndexer";
PdfExtractor extractor = (PdfExtractor)CoreSpringFactory.getBean(bean);
+ if("xss-content.pdf".equals(leaf.getName())) {
+ System.out.println();
+ }
+
File pdfTextFile = new File(pdfTextBufferPath, getFilePath() + ".tmp");
if (isNewPdfFile(leaf, pdfTextFile)) {
//prepare dirs
diff --git a/src/main/java/org/olat/search/ui/_content/standardResult.html b/src/main/java/org/olat/search/ui/_content/standardResult.html
index e864394bbaa..4b2a5a91e6f 100644
--- a/src/main/java/org/olat/search/ui/_content/standardResult.html
+++ b/src/main/java/org/olat/search/ui/_content/standardResult.html
@@ -27,7 +27,7 @@
<div class="o_search_result_details" style="display: none" id="o_search_result_$id">
#if (!$author.equals("") )
<div class="o_search_result_author">
- <strong>$r.translate("label.search.author"):</strong> $author.
+ <strong>$r.translate("label.search.author"):</strong> $r.escapeHtml($author).
</div>
#end
#if ($result.lastChange )
diff --git a/src/main/java/org/olat/user/DisplayPortraitController.java b/src/main/java/org/olat/user/DisplayPortraitController.java
index 3c334bd09b3..48041ce78aa 100644
--- a/src/main/java/org/olat/user/DisplayPortraitController.java
+++ b/src/main/java/org/olat/user/DisplayPortraitController.java
@@ -40,6 +40,7 @@ import org.olat.core.gui.media.MediaResource;
import org.olat.core.id.Identity;
import org.olat.core.id.UserConstants;
import org.olat.core.logging.AssertException;
+import org.olat.core.util.StringHelper;
import org.olat.user.propertyhandlers.GenderPropertyHandler;
/**
@@ -143,8 +144,8 @@ public class DisplayPortraitController extends BasicController {
myContent.contextPut("hasPortrait", (portrait != null) ? Boolean.TRUE : Boolean.FALSE);
myContent.contextPut("identityKey", portraitIdent.getKey().toString());
myContent.contextPut("displayUserFullName", displayUserFullName);
- myContent.contextPut("firstname", portraitIdent.getUser().getProperty(UserConstants.FIRSTNAME, null));
- myContent.contextPut("lastname",portraitIdent.getUser().getProperty(UserConstants.LASTNAME, null));
+ myContent.contextPut("firstname", StringHelper.escapeHtml(portraitIdent.getUser().getProperty(UserConstants.FIRSTNAME, null)));
+ myContent.contextPut("lastname",StringHelper.escapeHtml(portraitIdent.getUser().getProperty(UserConstants.LASTNAME, null)));
putInitialPanel(myContent);
diff --git a/src/main/java/org/olat/user/HomePageDisplayController.java b/src/main/java/org/olat/user/HomePageDisplayController.java
index 15bdb7b9efb..5c200f4221e 100644
--- a/src/main/java/org/olat/user/HomePageDisplayController.java
+++ b/src/main/java/org/olat/user/HomePageDisplayController.java
@@ -42,6 +42,7 @@ import org.olat.core.gui.control.controller.BasicController;
import org.olat.core.id.Identity;
import org.olat.core.id.User;
import org.olat.core.id.UserConstants;
+import org.olat.core.util.StringHelper;
import org.olat.instantMessaging.ImPreferences;
import org.olat.instantMessaging.InstantMessagingModule;
import org.olat.instantMessaging.InstantMessagingService;
@@ -76,9 +77,11 @@ public class HomePageDisplayController extends BasicController {
// use property handler translator for translating of user fields
setTranslator(UserManager.getInstance().getPropertyHandlerTranslator(getTranslator()));
VelocityContainer mainVC = createVelocityContainer("homepagedisplay");
-
+
+ String fullname = StringHelper.escapeHtml(userManager.getUserDisplayName(homeIdentity));
mainVC.contextPut("deleted", homeIdentity.getStatus().equals(Identity.STATUS_DELETED));
mainVC.contextPut("user", homeIdentity.getUser());
+ mainVC.contextPut("userFullname", fullname);
mainVC.contextPut("locale", getLocale());
// add configured property handlers and the homepage config
@@ -104,8 +107,8 @@ public class HomePageDisplayController extends BasicController {
ImPreferences prefs = imService.getImPreferences(homeIdentity);
if(prefs.isVisibleToOthers()) {
User user = homeIdentity.getUser();
- String fName = user.getProperty(UserConstants.FIRSTNAME, getLocale());
- String lName = user.getProperty(UserConstants.LASTNAME, getLocale());
+ String fName = StringHelper.escapeHtml(user.getProperty(UserConstants.FIRSTNAME, getLocale()));
+ String lName = StringHelper.escapeHtml(user.getProperty(UserConstants.LASTNAME, getLocale()));
imLink = LinkFactory.createCustomLink("im.link", "im.link", "im.link", Link.NONTRANSLATED, mainVC, this);
imLink.setCustomDisplayText(translate("im.link", new String[] {fName,lName}));
Buddy buddy = imService.getBuddyById(homeIdentity.getKey());
diff --git a/src/main/java/org/olat/user/_content/homepagedisplay.html b/src/main/java/org/olat/user/_content/homepagedisplay.html
index 73ec16853e1..95a9dd5e7a0 100644
--- a/src/main/java/org/olat/user/_content/homepagedisplay.html
+++ b/src/main/java/org/olat/user/_content/homepagedisplay.html
@@ -1,5 +1,5 @@
<div class="o_visitingcard b_clearfix"><div class="b_floatscrollbox">
- <h4>$r.translate("menu.homepage") $user.getProperty("firstName", $locale) $user.getProperty("lastName", $locale)</h4>
+ <h4>$r.translate("menu.homepage") $userFullname</h4>
#if ($deleted)
<p>
<i><strong>$r.translate("user.deleted")</strong></i>
diff --git a/src/main/java/org/olat/user/propertyhandlers/XingPropertyHandler.java b/src/main/java/org/olat/user/propertyhandlers/XingPropertyHandler.java
index 3cbff3505e9..e071d0c373d 100644
--- a/src/main/java/org/olat/user/propertyhandlers/XingPropertyHandler.java
+++ b/src/main/java/org/olat/user/propertyhandlers/XingPropertyHandler.java
@@ -85,9 +85,11 @@ public class XingPropertyHandler extends Generic127CharTextPropertyHandler {
// FXOLAT-343 :: can't search by user-email on xing... just link to xing-homepage
String xingname = getUserProperty(user, locale);
if (StringHelper.containsNonWhitespace(xingname)) {
- StringBuffer stringBuffer = new StringBuffer();
- stringBuffer.append("<a href=\"http://www.xing.com\" target=\"_blank\">" + xingname + "</a>");
- return stringBuffer.toString();
+ StringBuilder sb = new StringBuilder();
+ sb.append("<a href=\"http://www.xing.com\" target=\"_blank\">")
+ .append(StringHelper.escapeHtml(xingname))
+ .append("</a>");
+ return sb.toString();
} else {
return null;
}
diff --git a/src/main/webapp/static/js/tinymce4/tinymce/langs/fr.js b/src/main/webapp/static/js/tinymce4/tinymce/langs/fr.js
new file mode 100755
index 00000000000..b2978b868c6
--- /dev/null
+++ b/src/main/webapp/static/js/tinymce4/tinymce/langs/fr.js
@@ -0,0 +1,175 @@
+tinymce.addI18n('fr_FR',{
+"Cut": "Couper",
+"Header 2": "En-t\u00eate 2",
+"Your browser doesn't support direct access to the clipboard. Please use the Ctrl+X\/C\/V keyboard shortcuts instead.": "Votre navigateur ne supporte pas la copie directe. Merci d'utiliser les touches Ctrl+X\/C\/V.",
+"Div": "Div",
+"Paste": "Coller",
+"Close": "Fermer",
+"Pre": "Pre",
+"Align right": "Aligner \u00e0 droite",
+"New document": "Nouveau document",
+"Blockquote": "Citation",
+"Numbered list": "Num\u00e9rotation",
+"Increase indent": "Augmenter le retrait",
+"Formats": "Formats",
+"Headers": "En-t\u00eates",
+"Select all": "Tout s\u00e9lectionner",
+"Header 3": "En-t\u00eate 3",
+"Blocks": "Blocs",
+"Undo": "Annuler",
+"Strikethrough": "Barr\u00e9",
+"Bullet list": "Puces",
+"Header 1": "En-t\u00eate 1",
+"Superscript": "Exposant",
+"Clear formatting": "Effacer la mise en forme",
+"Subscript": "Indice",
+"Header 6": "En-t\u00eate 6",
+"Redo": "R\u00e9tablir",
+"Paragraph": "Paragraphe",
+"Ok": "Ok",
+"Bold": "Gras",
+"Code": "Code",
+"Italic": "Italique",
+"Align center": "Aligner au centre",
+"Header 5": "En-t\u00eate 5",
+"Decrease indent": "Diminuer le retrait",
+"Header 4": "En-t\u00eate 4",
+"Paste is now in plain text mode. Contents will now be pasted as plain text until you toggle this option off.": "Le presse-papiers est maintenant en mode \"texte plein\". Les contenus seront coll\u00e9s sans retenir les formatages jusqu'\u00e0 ce que vous d\u00e9sactiviez cette option.",
+"Underline": "Soulign\u00e9",
+"Cancel": "Annuler",
+"Justify": "Justifi\u00e9",
+"Inline": "en place",
+"Copy": "Copier",
+"Align left": "Aligner \u00e0 gauche",
+"Visual aids": "Aides visuelle",
+"Lower Greek": "Grec minuscule",
+"Square": "Carr\u00e9",
+"Default": "Par d\u00e9faut",
+"Lower Alpha": "Alpha inf\u00e9rieure",
+"Circle": "Cercle",
+"Disc": "Disque",
+"Upper Alpha": "Alpha majuscule",
+"Upper Roman": "Romain majuscule",
+"Lower Roman": "Romain minuscule",
+"Name": "Nom",
+"Anchor": "Ancre",
+"You have unsaved changes are you sure you want to navigate away?": "Vous avez des modifications non enregistr\u00e9es, \u00eates-vous s\u00fbr de quitter la page?",
+"Restore last draft": "Restaurer le dernier brouillon",
+"Special character": "Caract\u00e8res sp\u00e9ciaux",
+"Source code": "Code source",
+"Right to left": "Droite \u00e0 gauche",
+"Left to right": "Gauche \u00e0 droite",
+"Emoticons": "Emotic\u00f4nes",
+"Robots": "Robots",
+"Document properties": "Propri\u00e9t\u00e9 du document",
+"Title": "Titre",
+"Keywords": "Mots-cl\u00e9s",
+"Encoding": "Encodage",
+"Description": "Description",
+"Author": "Auteur",
+"Fullscreen": "Plein \u00e9cran",
+"Horizontal line": "Ligne horizontale",
+"Horizontal space": "Espacement horizontal",
+"Insert\/edit image": "Ins\u00e9rer\/\u00e9diter une image",
+"General": "G\u00e9n\u00e9ral",
+"Advanced": "Avanc\u00e9",
+"Source": "Source",
+"Border": "Bordure",
+"Constrain proportions": "Contraindre les proportions",
+"Vertical space": "Espacement vertical",
+"Image description": "Description de l'image",
+"Style": "Style",
+"Dimensions": "Dimensions",
+"Insert image": "Ins\u00e9rer une image",
+"Insert date\/time": "Ins\u00e9rer date\/heure",
+"Remove link": "Enlever le lien",
+"Url": "Url",
+"Text to display": "Texte \u00e0 afficher",
+"Anchors": "Ancre",
+"Insert link": "Ins\u00e9rer un lien",
+"New window": "Nouvelle fen\u00eatre",
+"None": "n\/a",
+"Target": "Cible",
+"Insert\/edit link": "Ins\u00e9rer\/\u00e9diter un lien",
+"Insert\/edit video": "Ins\u00e9rer\/\u00e9diter une vid\u00e9o",
+"Poster": "Afficher",
+"Alternative source": "Source alternative",
+"Paste your embed code below:": "Collez votre code d'int\u00e9gration ci-dessous :",
+"Insert video": "Ins\u00e9rer une vid\u00e9o",
+"Embed": "Int\u00e9grer",
+"Nonbreaking space": "Espace ins\u00e9cable",
+"Page break": "Saut de page",
+"Paste as text": "Coller comme texte",
+"Preview": "Pr\u00e9visualiser",
+"Print": "Imprimer",
+"Save": "Enregistrer",
+"Could not find the specified string.": "Impossible de trouver la cha\u00eene sp\u00e9cifi\u00e9e.",
+"Replace": "Remplacer",
+"Next": "Suiv",
+"Whole words": "Mots entiers",
+"Find and replace": "Trouver et remplacer",
+"Replace with": "Remplacer par",
+"Find": "Chercher",
+"Replace all": "Tout remplacer",
+"Match case": "Respecter la casse",
+"Prev": "Pr\u00e9c ",
+"Spellcheck": "V\u00e9rification orthographique",
+"Finish": "Finie",
+"Ignore all": "Tout ignorer",
+"Ignore": "Ignorer",
+"Insert row before": "Ins\u00e9rer une ligne avant",
+"Rows": "Lignes",
+"Height": "Hauteur",
+"Paste row after": "Coller la ligne apr\u00e8s",
+"Alignment": "Alignement",
+"Column group": "Groupe de colonnes",
+"Row": "Ligne",
+"Insert column before": "Ins\u00e9rer une colonne avant",
+"Split cell": "Diviser la cellule",
+"Cell padding": "Espacement interne cellule",
+"Cell spacing": "Espacement inter-cellulles",
+"Row type": "Type de ligne",
+"Insert table": "Ins\u00e9rer un tableau",
+"Body": "Corps",
+"Caption": "Titre",
+"Footer": "Pied",
+"Delete row": "Effacer la ligne",
+"Paste row before": "Coller la ligne avant",
+"Scope": "Etendue",
+"Delete table": "Supprimer le tableau",
+"Header cell": "Cellule d'en-t\u00eate",
+"Column": "Colonne",
+"Cell": "Cellule",
+"Header": "En-t\u00eate",
+"Cell type": "Type de cellule",
+"Copy row": "Copier la ligne",
+"Row properties": "Propri\u00e9t\u00e9s de la ligne",
+"Table properties": "Propri\u00e9t\u00e9s du tableau",
+"Row group": "Groupe de lignes",
+"Right": "Droite",
+"Insert column after": "Ins\u00e9rer une colonne apr\u00e8s",
+"Cols": "Colonnes",
+"Insert row after": "Ins\u00e9rer une ligne apr\u00e8s",
+"Width": "Largeur",
+"Cell properties": "Propri\u00e9t\u00e9s de la cellule",
+"Left": "Gauche",
+"Cut row": "Couper la ligne",
+"Delete column": "Effacer la colonne",
+"Center": "Centr\u00e9",
+"Merge cells": "Fusionner les cellules",
+"Insert template": "Ajouter un th\u00e8me",
+"Templates": "Th\u00e8mes",
+"Background color": "Couleur d'arri\u00e8re-plan",
+"Text color": "Couleur du texte",
+"Show blocks": "Afficher les blocs",
+"Show invisible characters": "Afficher les caract\u00e8res invisibles",
+"Words: {0}": "Mots : {0}",
+"Insert": "Ins\u00e9rer",
+"File": "Fichier",
+"Edit": "Editer",
+"Rich Text Area. Press ALT-F9 for menu. Press ALT-F10 for toolbar. Press ALT-0 for help": "Zone Texte Riche. Appuyer sur ALT-F9 pour le menu. Appuyer sur ALT-F10 pour la barre d'outils. Appuyer sur ALT-0 pour de l'aide.",
+"Tools": "Outils",
+"View": "Voir",
+"Table": "Tableau",
+"Format": "Format"
+});
\ No newline at end of file
diff --git a/src/test/java/org/olat/instantMessaging/RosterDAOTest.java b/src/test/java/org/olat/instantMessaging/RosterDAOTest.java
index d12fc1ce982..9ae23306357 100644
--- a/src/test/java/org/olat/instantMessaging/RosterDAOTest.java
+++ b/src/test/java/org/olat/instantMessaging/RosterDAOTest.java
@@ -144,30 +144,4 @@ public class RosterDAOTest extends OlatTestCase {
Assert.assertNotNull(reloadedEntries);
Assert.assertTrue(reloadedEntries.isEmpty());
}
-
- @Test
- public void testClearRosterEntries() {
- //create an entry
- OLATResourceable chatResource = OresHelper.createOLATResourceableInstance("unit-test-4-" + UUID.randomUUID().toString(), System.currentTimeMillis());
- for(int i=0; i<10; i++) {
- Identity id = JunitTestHelper.createAndPersistIdentityAsAdmin("im-roster-4-" + UUID.randomUUID().toString());
- rosterDao.createRosterEntry(chatResource, id, "My full name", "A nick name", false, false);
- }
- dbInstance.commitAndCloseSession();
-
- //check the presence of the entries
- List<RosterEntryImpl> entries = rosterDao.getRoster(chatResource, 0, -1);
- Assert.assertNotNull(entries);
- Assert.assertEquals(10, entries.size());
- dbInstance.commitAndCloseSession();
-
- //delete the entry
- rosterDao.clear();
- dbInstance.commitAndCloseSession();
-
- //check the absence of the entry
- List<RosterEntryImpl> reloadedEntries = rosterDao.getRoster(chatResource, 0, -1);
- Assert.assertNotNull(reloadedEntries);
- Assert.assertTrue(reloadedEntries.isEmpty());
- }
}
--
GitLab